Jamf Nation Community

I have three recon policies: 

1. The first automatic recon runs weekly on all machines at check-in, network state change and enrollment.
2. The second automatic recon runs daily on machines that need it: Out of compliance, critical apps or updates missing or haven't checked in for a long time. I periodically add more smart groups to the scope, ahead of a major OS or app update for example so that I can keep a closer tab on the update progression. 
3. The third recon update is Company Portal, ongoing, for situations where I'm in contact with the user and want to speed up a process - i.e. Intune registration that requires Company Portal, or installations that require setting profiles. 

In your case, I would create a smart group for all devices with the old version you're trying to patch and add that to the daily recon's scope.

You can go further and create an ongoing recon scoped for devices you want information about even sooner than that, but don't let it run repeatedly with a lot of recon collected as a long-running policy (even a recon one) will block other policies from running until it's completed and a full recon can take several minutes to complete. 

I wasn't being patient enough.
Those systems the policy applied to eventually started updating the patch report.
Thanks to piotrr and sdagley!