If the scanned hosts are marked as non-compliant, you need to remediate them to apply missing patches or updates. You have the option to stage or remediate patches and updates.

Let's see the differences between the two processes:

• Staging: Patches are copied from Update Manager to the ESXi hosts across the network. This allows you to reduce the remediation time. Staging host patches is not a required step, and it is not necessary to put hosts in maintenance mode while patches are staged. If you have hosts connected to Update Manager over slow WAN, staging patches can reduce the ESXi outage that's required for remediation.
  To proceed with staging from vSphere Web Client, click the Stage Patches... button in the Update Manager tab and follow these steps:
  1. Select the baselines to attach and click Next.
  2. Specify the hosts on which you want to stage patches and then click Next.
• 3. Select the patches and extensions to be staged in the selected hosts and click Next.
  4. Review the settings selection and then click Finish to begin the staging process.
• Remediating: The remediation process applies patches and upgrades to the objects that are non-compliant with the attached baseline. To remediate hosts from vSphere Web Client, click the Remediate... button in the Update Manager tab and follow these steps:
  1. Select the baseline to apply to the hosts and click Next.
  2. Select the hosts to remediate and click Next.
  3. Select the patches and extensions to apply to selected hosts and click Next.
  4. In the Advanced options step, you can schedule the remediation task by specifying the name of the task, description of the task, and remediation time. You can also choose to ignore warnings for unsupported hardware devices that may stop the remediation procedure. When you are done with this, click Next.
  5. In the Host remediation options, be sure to leave the VM power state as set to Do Not Change VM Power State to avoid VM downtime, allowing the system to vMotion the VMs to other hosts. Also, tick the Disable any removable media devices connected to the virtual machines on the host option. After doing this, click Next.
  6. Specify the Cluster remediation options to apply to the selected cluster during remediation. Disable DPM, FT (if you have only two hosts in the cluster), and HA admission control (if you have a few hosts in the cluster), and click Next.

• 7. After reviewing the settings selection, click Finish to begin the remediation procedure for the selected hosts. When the remediation process is complete, ESXi hosts will be patched/upgraded and ready to host a VM.

If you do not have a DRS license (for vSphere Standard or Essentials), the host won't switch to the maintenance mode automatically because DRS will not be able to migrate the VMs from the hosts. You have to perform the vMotion of running VMs manually. The same applies if you have your cluster DRS configuration set to Partially automated. If the DRS is set to automatic, migration will be invoked by the system user, just like any vMotion that is invoked by DRS.

Once the remediation process finishes, the scan will be invoked automatically, and you should see that all ESXi hosts are compatible with the attached baselines.