Patch management is a crucial aspect of IT administration. It involves patching security vulnerabilities, eradicating bugs, as well as improving usability and performance by making sure software is up to date. Atera's Patch Management gives you total administrative control over patching, from within the platform.
IT automation profile tasks
OS patch management
Critical updates
Critical updates include fixes for non-security problems that can negatively affect your system's compatibility, performance, and interoperability.
Note: Any updates hidden on Windows OS will not be installed by Atera (even when selecting the 'Install all Windows patch updates' option).
Security updates
- Security updates: Address vulnerabilities to keep your system secure.
- Definition updates: Keep Windows Defender updated with the latest security patch definitions.
- Update rollups: A bundled set of updates for security and reliability that require immediate deployment.
Service packs
- Service pack updates: Enhance security and performance, and provide compatibility for new hardware types.
- Feature packs: Deliver both fixes and new functionalities, along with performance enhancements.
- Updates: Fix bugs that are neither security-related nor considered critical updates.
Drivers and tools
- Hardware driver updates: Keep your hardware running efficiently with the latest drivers to fix common issues and deliver stability and performance improvements.
- Office updates: Ensure your Microsoft Office suite is up-to-date with the latest productivity and security features.
- Tool updates: Provide updates to essential utilities and features that help users complete tasks more effectively.
Install all Mac patch updates
Recommended: Install recommended updates to maintain both security and stability on Mac devices.
Upgrade all Linux package upgrades
Upgrade all: Upgrade all installed packages on Linux systems to their latest available versions.
Reboot device
Reboot if needed: Trigger an automatic system reboot — when required — after patch installation, ensuring that updates are properly applied and active.
Note: Configuration policies override the "Reboot if needed" option found in IT automation profiles. For example, if you have set up a configuration policy with "Restart outside of active hours", the agent will reboot only after working hours have ended.
Software management
Update all: Manages the installation of new versions of software via Chocolatey (for Windows) and Homebrew (for Mac), ensuring that applications are current with the latest features and security enhancements.
Excluded software patches
Allows you to block updates for selected software, providing control over which versions are maintained in your environment.
Software bundle
Software bundles make it easy to install multiple applications in one automated step via Chocolatey (for Windows), Homebrew (for Mac), and your private repository.
Upgrades
Upgrade to the most recent builds of Windows operating systems (10 or 11), prioritizing device compatibility.
Note:
- Windows upgrades take time, use network and disk resources, and may require multiple restarts. When both Windows 10 and 11 options are selected, the profile checks the device's eligibility and upgrades it to the latest compatible version.
- A valid license for the selected version is required.
Disk management
- Defragment (all disks): Reorganizes data on the disks to improve speed and efficiency.
- Run check disk (all disks): Performs a scan of all disks to report on their current health status, identifying any potential issues — without attempting repairs.
Maintenance
- Create system restore point: Safeguard the system by setting a restore point to revert to in case of an unexpected issue or update problem.
- Delete temporary files: Clear out temporary files to free up disk space and improve system performance.
- Delete internet history: Clean browser history for privacy and to enhance browser performance.
- Reboot: Safely restart the computer to complete updates or as part of routine maintenance.
- Shutdown: Allow for a scheduled shutdown of the system to conserve power or follow operational hours.
Note: For optimal results during reboot and shutdown maintenance, we suggest creating individual automation profiles for each task.
Scripts
Enhance automation by attaching custom or predefined scripts to the profile. Tailor complex tasks with the flexibility to edit variable values, allowing the same script to run across different scenarios with unique parameters.
For best practices, see Patch management: best practices
OS patch approval settings
Configure settings for installing and excluding operating system updates on your end-user devices for greater control, adaptability, and security when it comes to critical, non-critical, and recommended updates.
Set up automated patch management
After setting up your automation profile, you can apply it to your site(s), site folders, or specific agents. You can also specify certain settings to apply to all automation profiles, in addition to the settings you've applied to individual profiles.
After setting up your automation profile, you can apply it to your customer(s), customer folders, or specific agents. You can also specify certain settings to apply to all automation profiles, in addition to the settings you've applied to individual profiles.
To set up an automation profile:
1. Go to Admin > Monitoring and automation > Patch Management and IT Automation.
2. Select a profile or click Add Profile to create an IT automation profile.
The Add patch and IT automation profile window appears.
3. Enter a name for the profile. Then click Save.
The Profile page appears.
4. Check the patches you want to install and the automation you want to include.
Note: You can exclude certain patches. This is useful for excluding problematic patches after trying them out in a demo or test environment.
Schedule the profile
Patch automation will run at the time set up in Atera under Admin > My account > Account settings > General > Time zone.
To schedule the profile:
1. Click + Add schedule.
2. Click the Select frequency dropdown. Then select daily, weekly, monthly, or annually.
3. Configure the rest of the schedule. Then click Save.
Note:
- To automatically run the profile upon new agent installation, check the checkbox next to Run the profile on newly installed agents. Having multiple profiles with this option enabled on the same customer can create conflicts when the profiles run on a newly installed agent. Make sure that the tasks and scripts do not conflict with each other.
- If you want to schedule the automated Reboot or Shutdown (under Maintenance), we strongly recommend creating separate automation profiles for these, as they may disrupt other selected actions on a profile.
- Patches that have been installed — and require a device reboot for changes to be implemented — will display a 'Reboot required' notification next to the corresponding device(s) on the Devices page. This notification will appear regardless of whether the patch was installed manually or through an IT automation profile.
- Windows Optional updates cannot be patched automatically through IT automation profiles. These updates can only be installed manually, as long as the patch is made available through the WUA API, which Atera communicates with.
4. Click Save to save the automation profile. You can add email addresses to receive reports about patch installation success or failure after automation runs. These email addresses can be for technicians or end users.
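To see which pending updates a profile will leave uninstalled on a Windows device (hidden updates and optional updates, per the notes above), you can query the Windows Update Agent (WUA) API locally. The following PowerShell is an added example, not Atera code; the function name Get-WuaPendingUpdate is hypothetical, and it assumes that the WUA search criterion BrowseOnly=1 corresponds to the optional updates described above.

```powershell
# Added example, not Atera code: list pending Windows updates that an
# automation profile will leave uninstalled according to the notes above.
# Run locally in PowerShell on the Windows device being audited.

function Get-WuaPendingUpdate {
    param(
        [Parameter(Mandatory)] [string] $Criteria,  # WUA search criteria string
        [Parameter(Mandatory)] [string] $Reason     # label shown in the report
    )
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    try {
        $result = $searcher.Search($Criteria)
    } catch {
        # Search can fail when the update service or WSUS server is unreachable.
        Write-Warning "WUA search failed for '$Criteria': $($_.Exception.Message)"
        return
    }
    foreach ($update in $result.Updates) {
        [pscustomobject]@{
            Reason   = $Reason
            KB       = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity = $update.MsrcSeverity   # empty for non-security updates
            Title    = $update.Title
        }
    }
}

$skipped = @(
    # Hidden updates: not installed even with 'Install all Windows patch updates'.
    Get-WuaPendingUpdate -Criteria 'IsInstalled=0 and IsHidden=1' -Reason 'Hidden'
    # Assumption: BrowseOnly=1 matches the optional updates described in the note.
    Get-WuaPendingUpdate -Criteria 'IsInstalled=0 and IsHidden=0 and BrowseOnly=1' -Reason 'Optional'
)

if ($skipped.Count -eq 0) {
    'No hidden or optional updates are pending on this device.'
} else {
    $skipped | Sort-Object Reason, Title | Format-Table -AutoSize -Wrap
}

# Reboot state as reported by WUA itself.
$rebootPending = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
"Reboot required (per WUA): $rebootPending"
```

Any row with a non-empty Severity is a security update that automation will not pick up and that needs a manual decision: unhide it, install it by hand, or record why it is excluded.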
Set offline agent execution preference
Under Execution settings, configure the queue for offline agents:
- Online agents only: Scheduled automation profiles will run on online agents only and will not be queued for offline agents.
- Queue for up to 1 hour: Scheduled automation profiles will run if agents come online within 1 hour.
- Queue for up to 1 day: Scheduled automation profiles will run if agents come online within 1 day.
- Queue for up to 1 week: Scheduled automation profiles will run if agents come online within 1 week.
- Queue for up to 2 weeks: Scheduled automation profiles will run if agents come online within 2 weeks.
- Queue for up to 1 month: Scheduled automation profiles will run if agents come online within 1 month.
Install patches immediately
Select Run now.
Assign an IT automation profile to sites or an agent
Assign an IT automation profile to customers or an agent
Once you have created an IT automation profile, you need to assign it to a site, folder, or agent for it to take effect.
Once you have created an IT automation profile, you need to assign it to a customer, folder, or agent for it to take effect.