Atera’s Patch Management and IT Automation lets you perform a variety of crucial support tasks including patching, software bundle installation, Windows version upgrades, disk management, maintenance, automated scripting, and more. An automation profile with any of the above tasks can be scheduled to run one-time, weekly, monthly, or flexibly.

Create new automation profile

To add a new profile:

1. Go to to Admin > Monitoring and automation > Patch management and IT automation.

The Patch management and IT automation page appears.

2. Click Add Profile. 

The Add patch and IT automation Profile pop-up appears.

3. Enter a name for your profile and click Save.

4. Click on the name of your profile in the Profile Name column to set up your profile.

Configuration

Set up your IT automation profile and manage how patches, software, maintenance, and scripts are applied across your devices.

Profile settings

Edit profile name, activate or deactivate profile, and configure activity settings including time zone and offline agent behavior preference. Also choose whether to run the profile on newly installed agents before the next scheduled activity, and add email recipients for Patch & Automation Feedback reports.

Activity Settings

Time zone

Select the time zone preference for scheduling the automation profile.

The following options are available:

• Device local time: Schedules profiles to run based on each device's local time zone, making it easier to manage devices spread across multiple locations via a single profile. 
• Account time zone: Schedules profiles to run based on your account time zone (displayed in Admin > My account > Account settings > General).

Note:

• The default time zone setting is 'Account time zone'.
• Profiles with 'Device local time' selected show Patch and automation feedback report information only after the profile has run locally.
• Profiles with 'Device local time' selected will not display the next scheduled execution time under 'Next execution time'. This is because the profile will run at different times, according to each local device's associated time zone.
• Switching between ‘Device local time’ and ‘Account time zone’ deletes all one-time schedules. This means you’ll need to reschedule them after updating the time zone settings.
• Profiles with 'Device local time' selected won’t run on devices without time zone information. You can review a device's time zone information in the Overview tab in the Agent console. 

Offline agent behavior preference

Determine what happens when a profile is scheduled to run and you have offline devices. Queued tasks will execute once the device is back online or expire after a set duration, following either profile-specific or global default settings.

The following options are available:

• Online agents only: Scheduled automation profiles will run on online agents only and will not be queued for offline agents.
• Queue for up to 1 hour: Scheduled automation profiles will run if agents come online within 1 hour.
• Queue for up to 1 day: Scheduled automation profiles will run if agents come online within 1 day.
• Queue for up to 1 week: Scheduled automation profiles will run if agents come online within 1 week.
• Queue for up to 2 weeks: Scheduled automation profiles will run if agents come online within 2 weeks.
• Queue for up to 1 month: Scheduled automation profiles will run if agents come online within 1 month.

For example, if the profile is set to "Queue for up to 1 day (default)":

• This means tasks will remain in the queue for up to 24 hours, waiting for the device to come online.
• If the device reconnects within the the specified time, the tasks will execute automatically.
• If the device does not come online within the specified time, the tasks will not be executed.
• An option marked as "(default)" refers to the global setting configured on the Patch Management & IT Automation page. The execution setting configured at the profile level will override the global setting, unless you have specifically selected the global option within the profile. For more information, see Patch and automations settings for all profiles

OS patch management

Set OS patching tasks, reboot behavior, and Windows upgrade options.

Install all Windows patch updates

Note: Windows Optional updates cannot be patched automatically via automation profiles. They can be installed manually if the patch is available through WUA API, which Atera interacts with.

Critical updates

Critical updates include fixes for non-security problems that can negatively affect your system's compatibility, performance, and interoperability.

Note: Any updates hidden on Windows OS will not be installed by Atera (even when selecting the 'Install all Windows patch updates' option.

Security updates

• Security updates: Address vulnerabilities to keep your system secure.
• Definition updates: Keep Windows Defender updated with the latest security patch definitions.
• Update rollups: A bundled set of updates for security and reliability that require immediate deployment.

Service packs

• Service pack updates: Enhance security and performance, and provide compatibility for new hardware types.
• Feature packs: Deliver both fixes and new functionalities, along with performance enhancements.
• Updates: Fix bugs that aren't related to security nor considered critical updates.

Drivers and tools

• Hardware driver updates: Keep your hardware running efficiently with the latest drivers to fix common issues and deliver stability and performance improvements.
• Office updates: Ensure your Microsoft Office suite is up-to-date with the latest productivity and security features.
• Tool updates: Provide updates to essential utilities and features that help users complete tasks more effectively.

Install all Mac patch updates

Recommended: Install recommended updates to maintain both security and stability on Mac devices.

Upgrade Linux packages

Upgrade all: Upgrade all installed packages on Linux systems to their latest available versions.

Reboot device

Reboot if needed: Trigger an automatic system reboot — when required — after patch installation, ensuring that updates are properly applied and active.

Note: Configuration policies override the "Reboot if needed" option found in IT automation profiles. For example, if you have set up a configuration policy with "Restart outside of active hours", the agent will reboot only after working hours have ended. Learn more

Upgrades

Upgrade to the most recent builds of Windows operating systems (10 or 11), prioritizing device compatibility.

Note:

• Windows upgrades take time, use network and disk resources, and may require multiple restarts. When both Windows 10 and 11 options are selected, the profile checks the device's eligibility and upgrades it to the latest compatible version.
• A valid license for the selected version is required.

Software

Update software via Chocolatey (Windows), Homebrew (Mac), and WinGet (Windows) to ensure your software has the latest features and security enhancements. No matter how the software was installed, if it's managed by Chocolatey, Homebrew, or WinGet, and a new version is available, it will be updated. You can also exclude specific softwares from being updated, giving you control over which versions are maintained in your environment. Learn more

Software bundle

Software bundles let you install multiple applications at once using WinGet, Chocolatey, and your private repository (Windows) or Homebrew (Mac).

Maintenance

Set device maintenance tasks for disk health, cleanup, and system actions.

Disk management

• Defragment (all disks): Reorganizes data on the disks to improve speed and efficiency.
• Run check disk (all disks): Performs a scan of all disks to report on their current health status, identifying any potential issues — without attempting repairs.

Maintenance

• Create system restore point: Safeguard the system by setting a restore point to revert to in case of an unexpected issue or update problem.
• Delete temporary files: Clear out temporary files to free up disk space and‌ improve system performance.
• Delete internet history: Clean browser history for privacy and to‌ enhance browser performance.
• Reboot: Safely restart the computer to complete updates or as part of routine maintenance.
• Shutdown: Allow for a scheduled shutdown of the system to conserve power or follow operational hours.

Note: 

• The Create System Restore Point task will not work if System Restore is disabled on the local machine.

• The Delete Temp Files task uses the SYSTEM environment variable to determine the temporary folder location. Depending on the operating system configuration, the task may clean files from different directories, such as:

  • C:\Windows\Temp

  • C:\Windows\SystemTemp

• Because the path is determined by the SYSTEM account environment variables, the exact directory may vary between operating systems.

• For optimal results during reboot and shutdown maintenance, we highly recommend creating individual automation profiles for each task.
• Configuration Policies override reboot tasks in automation profiles. For example, if you have set up a Configuration Policy with 'Restart outside of active hours', the agent will reboot only after working hours have ended.

Scripts

Enhance automation by attaching custom or predefined scripts to the profile. Tailor complex tasks with the flexibility to edit variable values, allowing the same script to run across different scenarios with unique parameters. For more information, see Add scripts to automation profiles

Patch approval

Configure settings for installing and excluding operating system updates on your end-user devices to allow greater control, adaptability, and security when it comes to critical, non-critical, and recommended updates. Learn more

Assignment

Once you have created an automation profile, assign it to a site, folder, or agent for it to take effect. Learn more

Once you have created an automation profile, assign it to a customer, folder, or agent for it to take effect. Learn more

Schedule

Determine when and how frequently your automation profile should run by adding and managing schedules. Learn more

More actions

After configuring an automation profile, you can run it immediately, clone it, or delete it. These actions are available from the top right of each profile's page.

Run now: Executes all tasks on the profile without affecting any existing schedules.

Clone: Creates a complete copy of the profile, excluding schedules. You can choose to include existing profile assignments.

Delete: Deletes and unassigns all customers and agents assigned to the profile.