Patch Management in Minutes with Action1
Action1 reinvents patch management with an infinitely scalable and highly secure platform configurable in 5 minutes that just works. With integrated real-time vulnerability discovery and automated remediation for both third-party software and OS, peer-to-peer patch distribution, and IT ecosystem integrations, it ensures continuous patch compliance and reduces security and ransomware risks – all while lowering costs. Action1 is certified for SOC 2/ISO 27001 and is trusted by thousands of enterprises managing millions of endpoints globally.
This quick-start guide shows how to enable patch management for third-party apps and OS in under 5 minutes.
Looking for a Quick Start Guide for macOS? Click here!
Step 1: Add Endpoints
Step 2: Manually Review and Deploy Patches
Step 3: Automate Deployment of Critical Updates
Step 4: Generate Patch Compliance Reports
Step 1. Add Endpoints
Before you can start patching your endpoints, you need to install the Action1 agent. It is a lightweight application with a minimal system footprint, which remains idle unless an endpoint needs patching or a status refresh.
To deploy Action1 agent:
- In the Action1 console, navigate to Endpoints and click Install Agent.
- Click Download Agent. The downloaded setup will be preconfigured with connection parameters specific to your organization.
- Install Action1 Agent:
-
- For Windows endpoint: follow the steps of the installation wizard. The agent is installed under the LOCAL SYSTEM account into %WinDir%\Action1 folder as a service called Action1 Agent.
NOTE: On the final step, the setup may ask to elevate the privileges to complete the installation. - For macOS endpoint: locate the downloaded script named action1_agent_YourOrganizationName.sh and copy the script name with the extension. Then launch the Terminal app and run the following command, providing the script name:
bash {script_name}
This will automatically download and start the Action1 agent setup.
Follow the steps of the Agent setup wizard. The agent is installed under the administrative account in the /usr/local/action1 directory and operates as a daemon.
- For Windows endpoint: follow the steps of the installation wizard. The agent is installed under the LOCAL SYSTEM account into %WinDir%\Action1 folder as a service called Action1 Agent.
-
- Check Connection Status. Return to the Action1 Console and wait for the Action1 cloud connection check to complete.
- Navigate to the Endpoints page to verify that the target endpoint is shown there. This page will display all system information for the endpoint, such as missing updates, installed software, and hardware details.
Try later: for bulk deployment on multiple endpoints, use Microsoft Intune, Group Policy, or another deployment tool.
Step 2. Manually Review and Deploy Patches
All endpoint information, including missing patches, installed software, and OS details is refreshed in real time. You don’t need to schedule periodic assessments to determine if any updates are missing.
To review and deploy patches manually:
- In the Endpoints page, click on the endpoint name.
- Go to the Missing Updates tab and select the updates you want to deploy. All applicable updates — including both for OS and third-party applications — will be shown in a single view, including the update type and security severity.
- Click Deploy Update to start the update wizard. It will prepopulate the list of selected updates in Step 1.
- Adjust the Reboot Options as needed. By default, the users will have up to 60 minutes to save their work if any of the updates require a reboot.
- Click Next Step twice to proceed to the scheduling options. For testing purposes, leave the default Run Now option selected and click Finish.
Action1 will begin deploying the selected updates and will report progress and results in real time.
Try later: Check out the Vulnerabilities view to remediate vulnerabilities.
Step 3. Automate Deployment of Critical Updates
Automate patch and vulnerability management routines to ensure compliance of your endpoints.
To automate the deployment of critical security patches for OS and apps 3 days after they are released:
- Navigate to Automations, select New Automation, and click Deploy Update.
- On the Deploy Update step, select Matching Filters.
- Click Add filter, select Update severities, and select Critical.
- Below the filters, click Additional options, select Automatically approve and deploy all matching updates, and enter 3 days as the delay parameter.
- Adjust the Reboot Options as needed, similar to the previous step.
- Click Add Endpoints to select the endpoints or groups to include in this automation.
- On the Schedule step, specify when the automation should run — for example, weekly on Sundays and Saturdays at 2 AM.
Try later: create another automation that requires manual approval of updates and use the Update Approval section to selectively approve or decline updates. Another option is to create a broader automation to include updates beyond critical severity.
Step 4. Generate Patch Compliance Reports
Action1 comes with a real-time patch compliance dashboard and live reports to facilitate periodic reviews of your security posture and assist with compliance audits.
To generate and subscribe to reports:
- Navigate to Dashboard for a birds-eye view of your endpoints’ health state, including vulnerability remediation compliance, pending deployments, required reboots, etc.
- Go to Built-in Reports | Patch Management to generate reports on daily and weekly patch statistics, missing updates, required reboots, and other patching metrics.
- Click Tools | Subscribe within any report to schedule email delivery (e.g., every Monday).
Next Steps
Action1 offers a broad range of capabilities to further streamline your patch management workflows. Once you are familiar with the basics, consider exploring the following features:
Leverage app-based multi-factor authentication
Multi-factor authentication (MFA) provides enhanced protection for user accounts by adding an extra layer of verification. While email-based MFA is enabled by default, Action1 strongly recommends using app-based MFA for increased security. You can use, for example, Google Authenticator, Twilio Authy, Duo Mobile, or Microsoft Authenticator. For details, see Multi-factor Authentication.
Create endpoint groups
Segment endpoints by server role, OS version, location, department, or other criteria to apply customized automation rules. Navigate to Endpoints and click Create Group. For details, see Endpoint Groups.
Inventory of installed software
Go to the Installed Software section to see a list of applications installed on your endpoints, along with their version details and update availability. For details, see View Installed Software.
Deploy applications
Remotely install and configure applications using the pre-configured packages available in the Software Repository. Select one or more endpoints and click Deploy to Endpoints to begin. To deploy custom applications, go to Software Repository and click Add to Repository. For details, see Deploy Software.
Uninstall applications
Manually remove outdated or unnecessary applications, or automate the process. Select one or more endpoints and click Uninstall Software, or create an Uninstall Software automation to streamline automatic uninstalls. For details, see Automation with Action1.
Run scripts
Use the Script Library to perform remote management tasks, such as blocking Windows Feature Updates, deleting temporary files, and more. You can also add your own scripts to the Script Library. For details, see Script Library.