Enable Vendor Acquired Windows Patch
Users with the Patch Manager, Patch User, and Patch Security roles can enable, add, and edit vendor-acquired patches to Windows deployment jobs.
Identify the “AcquireFromVendor” type patches available for adding to Windows deployment patch jobs by navigating to the Patches > Windows tab.
By running the “downloadMethod:AcquireFromVendor” QQL query, you can see patches available for enablement.
Patches with the Lock 
icons are available for enablement.
Patches with the Unlock 
icons are enabled for adding to patch jobs.
Refer to the following sections:
Enabling Vendor-Acquired Patch
Adding Patch to Windows Deployment Job
Enabling Vendor-Acquired Patch
You can enable the “AcquireFromVendor” type of Windows patches, and then you can add them to existing or new Windows deployment jobs.
Note: In the case of on-demand jobs, the required cloud agent version for vendor-acquired patch enablement is 5.2 and above.
Complete the following steps:
1. Go to the Patches > Windows tab, and run the “downloadMethod:AcquireFromVendor” QQL query. You can see patches with the Lock icons. These patches are available for enablement.
2. Select the check box next to the patch you want to enable and click Enable Patch.
3. Complete the following steps to add the custom repository URL:
i. From the "Add Custom Repository URLs" page, click the CUSTOM URLS tab, and select the required language, for example, All Languages, from the Language Support list.
ii. Enter the respective local repository URL in the URL field, and click Add. You can enter both the HTTP and HTTPS types of links.
Note: You can also find the Vendor URL on this page. Click the VENDOR URLS tab, where you can see the vendor URL. Click the Copy 
icon next to the vendor URL. Refer to the Add Patch Process shown in the following screen capture. You can hide the Add Patch Process representation by clicking Remove.
iii. After the URL is added, click Add URLs.
The following message is shown. Close it by clicking Ok.
The patch you selected is now enabled. You can now add the patch to the Windows deployment job.
When you view the details of that patch from the Basic Information tab, you can see the custom Repository you entered.
Adding Patch to Windows Deployment Job
After enabling the patch, you can add it to an existing or a new Windows deployment job.
Complete the following steps:
1. Go to the Patches > Windows tab, and run the “downloadMethod:AcquireFromVendor” or "enabledVendorAcquiredPatches:true" QQL query. The patches with the Unlock icons are enabled for adding to patch jobs.
2. Select the check box next to the patch you want to add to the deployment job, and click Add to Existing Job or Add to New Job as required.
You can also add multiple patches to an existing job or a new job.
- If you click Add to Existing Job, you are navigated to the "Add Patches: Existing Deployment Jobs" page. Select the check box next to the job and click Add. The Adding Patches window is shown, wherein it's mentioned that the patch has been successfully added. Click Continue.
Note: Make sure that you turn the Enable opportunistic patch download toggle to ON from the job you selected.
- If you click Add to New Job, you are navigated to the "Create: Windows Deployment Job" page. Complete the Windows Job creation steps, and the patch is added to the new Windows deployment job.
Note: Refer to the following screen capture. While completing step 4 - Select Patches, you can see the patch you enabled is automatically added to the new job that you are creating.
While completing step 7, make sure you turn the Enable opportunistic patch download toggle to ON.
Important to Know!
- After you enabled a patch, added it to the job, and want to modify it, the edits will be reflected if and when the job manifests are triggered for active or ongoing jobs. The active or ongoing jobs are the ones for which we are still waiting to receive results from the agent.