Set up Automated Patch Management With IT Automation

Patch management is a crucial aspect of IT administration. It involves patching security vulnerabilities, eradicating bugs, as well as improving usability and performance by making sure software is up to date. To learn more about how Patch Management works, please see our Patch Management Q & A. Atera's Patch Management gives you total administrative control over all your customers’ patches, from within the platform.

To set up automated Patch Management:

1. From Admin, click on Patch Management and IT Automation.

2. Select Add Profile (bottom, right of the page) to create an IT Automation profile.

3. Enter a name for the profile, and click Save. The Edit Automation Profile screen appears.

4. Check the boxes of the patches you wish to install and the automations you wish to include.

Categories include:

• OS Patch Management (Includes critical, security, service packs, drivers and tools (this category includes Office and tools updates as well as drivers such as Java and Adobe), and Mac OS updates).
• OS Excluded Patches (You can exclude certain OS patches).
• Software Patch Management (Software patches are installed via Chocolatey for Windows and Homebrew for Mac package managers. Learn more)
• Software Excluded Patches (You can exclude certain software patches).
• Software Bundle (You can attach a software bundle, for automated installation. Learn more)
• Upgrades (upgrades to the latest Windows 10 version).
• Disk Management (Defragment or run Checkdisk).
• Maintenance (Create a system restore point, delete temp files or internet history, reboot, or shutdown).
• Scripts (You can attach scripts, to have them run with the automation profile. Additionally, you can edit variable values (when applicable), enabling you to run the same script with different variables).

To install the patches immediately:

Select Execute Now (top of page).

To choose a weekly and/or monthly automation schedule:

a. After selecting the patches you wish to install, click on Weekly or Monthly (top of page).

b. Then click the  icon, and set your desired schedule.

c. Click Apply.

To automatically run the profile upon new agent installation:

Check the checkbox next to Run the profile on newly installed agents 

Note: If you wish to schedule the automated Reboot or Shutdown (under Maintenance), we strongly recommend creating separate automation profiles for these, as they may disrupt other selected actions on a profile.

5.  You can exclude certain patches. It can be used for excluding problematic patches after trying them out on a demo or test environment for several days. For more information, refer to the section, How Can I Exclude Patches From The Automation Profile

6. Optionally, you can add email addresses (technician's/customer's) to receive detailed reports of patch installation success (or failure), each time, after an automation runs.  

7. Select Save to save your newly created automation profile.

Notes:

• Patch automation will run at the time setup in Atera under Admin > Settings > General > Time zone. 
• Windows Optional updates cannot be patched automatically through an IT Automation Profile; these can only be installed manually as long as the patch is made available through WUA API which Atera is communicating with. 

8. Apply the profile to your customer(s) or a specific Agent. See: Apply an IT Automation Profile to your Customer(s) or an Agent (below).

Apply an IT Automation Profile to your Customer(s) or an Agent

Once you have created an IT Automation profile, you'll need to apply it to your customer(s) or a specific agent.

To apply an IT automation profile to an agent:

1. Click on an agent. The Agent Console appears.

2. Under Profiles > IT Automation profile, click Manage. The Select IT Automation Profile dialog box appears.

3. Select the IT automation profile from the Attach new Profile drop down menu, and click Apply. The automation profile is now applied to the agent.

To apply an IT automation profile to your customer(s) or multiple agents:

1. Click on Devices. The Devices page appears.

2. Check the box(s) to select all your agents, or specific agents.

3. Click on the    (Assign IT Automation Profile) icon above.

4. Select the IT automation profile you created, from the dropdown list.

5. Click Apply. The IT automation profile is now applied to your agent(s).

Note: You can also apply the automation profile, to all or some of your customers, directly from the automation profile itself.

To apply the automation profile to customers:

1. Go to Admin (on the side panel) > Patch Management and IT Automation.

2. Click the profile you wish to assign.

The Profile page appears.

3. Click on Applied to, in the gray box, on the left.

The Profile Relations screen appears. 

4. Click on Add Customer(s), and select the customers you wish to apply the profile to. You can select some or all of your customers.

 5. When done with your selections, click Save.

 The profile is now applied to the selected customer(s).

The profile can also be applied to specific devices (agents) and can be removed from customers and agents as well. Learn more about applying and removing profile assignments.

Check out this video that explains the process of setting up Patch Management and IT Automation.