We're currently running ESXi 7.0.3 Build 23307199 (7.0U3p) in two separate environments, and according to VMware ESXi release notes pages and the Build information page link below, we're at the latest patch/build version in both, using the three built-in Predefined baselines (Critical Host Patches, Non-critical Host Patches, and Host Security Patches). However, one environment currently shows a non-compliant status on all hosts for the Non-critical Host Patch baseline. Both environments were patched at about the same time. The only difference might be (or should be) that hardware systems (and some configurations) may not be identical.
My question is, how do I determine and view what specific patches are missing (or need to be applied), and, should I expect a Build number change after updating these systems to compliance? What is the build number change based on?
Build numbers and versions of VMware ESXi/ESX:
https://kb.vmware.com/s/article/2143832