Patch & Configuration Compliance Automation

Unified data governance, risk and compliance - designed and configured for your organisation.

Book a patch management review

Wanstor’s Microsoft Purview Implementation

As organisations grow, data becomes harder to control: it spreads across cloud services, on‑prem systems, apps, and devices – making it difficult to find, trust, protect, and govern.


Wanstor helps you implement Microsoft Purview to discover, catalogue, classify and map your data estate – so you can reduce compliance risk, strengthen security controls, and enable data-driven decision making with confidence.

The challenge we solve

Modern data estates often suffer from fragmentation, compliance risk, security exposure, and inconsistent data quality – especially as businesses adopt advanced analytics and AI.


Microsoft Purview provides a unified approach to data governance by creating visibility across environments, including hybrid setups, with lineage and dependency insights.

What we deliver

Our service covers both the establishment of your data governance rules and the configuration of Microsoft Purview to reflect those rules.

You’ll come away with a clearer, governed data landscape – ready for secure use across the business.

    Typical outcomes include:

    • A mapped view of your data estate including classification and end‑to‑end lineage.
    • Agreed data sensitivity labels, terms and glossary to standardise definitions and classification.
    • Policies and governance controls aligned to your compliance and security requirements.
    • Initial monitoring configuration (metrics, alerting rules, diagnostics) with alerts routed to your nominated contacts if you don’t take a managed service.

    Our approach: two phases

    Phase 1 — Establishment (Strategy, design & readiness)

    We help you define and align the governance model before configuring the platform.

    • Evaluate your data governance maturity and identify gaps and improvement opportunities.
    • Design a solution aligned to your business goals and data requirements.
    • Support integration planning with existing data sources, platforms and supported tools.
    • Configure initial scans, catalogues and classifications to enable ongoing updates.
    • Create an up‑to‑date data estate map including classification and lineage.
    • Define and apply sensitivity labels, terms and glossary to standardise data definitions.
    • Set up foundational monitoring (access metrics, alert rules, diagnostic settings).

     

    Patch rollout timelines

    These KPIs apply to devices that are online and connected to the internet for at least 2 hours within the target period (offline devices update when they’re back online).

     

    Zero-day & critical security patches

    If a vendor releases an out-of-cycle patch for a publicly disclosed zero-day, we accelerate deployment:

    • Pilot group: within 24 hours
    • All affected systems: within 48 hours

     

    All other security patches

    For vendor-rated Important / Moderate / Low security updates:

    • Patched within 14 days for in-scope systems.

    Linux note: Security-only patching is supported for Red Hat where a relevant bulletin exists; for other Linux flavours we trigger an update of all modules and align to the non-security schedule below.

     

    Non-security updates & rollups

    For non-security updates, rollups and server service packs:

    • Patched within 30 days

     

    Windows 11 feature updates

    Choose your preferred model:

    • Automatic: rolled out as released
    • On-demand: rolled out when you raise a support ticket

     

    Driver updates

    • Security driver updates follow the severity/timelines above
    • Non-security driver updates are not deployed automatically

    FAQ

    Will patching disrupt users?
    We use staged rollouts and defined patch windows. End-user devices can postpone reboots up to 72 hours (default).

    What if devices are offline?
    KPIs apply to devices online for at least 2 hours during the target period; offline devices patch when they return online.

    What happens if a patch fails?
    We attempt remediation by uninstalling/reinstalling as appropriate. For servers, if remediation fails, a restore may be performed from backups.

    Can we exclude certain apps or systems?
    Yes – exclusions can be agreed during onboarding or via our change request process.

    Ready to reduce patch risk?

    If you want patching that’s structured, monitored, and aligned to clear timelines, without overloading internal IT - Wanstor can help.