Create Patch Management Policy

Orchestrate and execute patch management workflows with Action1. In addition to on-demand patch delivery, Action1 enables you to automate patch management process and tailor it to your corporate update policy. Implementing automated patch deployment policy strengthens overall security and ensures critical updates will not fall through the cracks. The stable updates typically become available in Action1 within two days after release.

Set up Automated Patch Management Policy

Action1 enables you to roll out updates automatically with a patch management policy (select + New Policy on the Policies page). Turn a sample IT policy into a dedicated operating system patch management policy, Firewall policy, or application patch management policy. All updates will be distributed to remote endpoints you’ve picked when it is right for you. Roll out updates in a time slot that is the most convenient both for system administrators and remote users, for example, on Tuesday night.

To Create an Automatic Patch Management Policy

1. Navigate to the Policies  page and select New Policy / Deploy Update.
2. On the Deploy Update step, first select updates for distribution.
   • All — to install all updates, irrespective of their severity or status.
   • Matching filters— to install the updates that match your search criteria. Add filters such as update source, update severity, etc. You can add several filters and Action1 will search for and deploy updates that match them all at once (logic AND). Within each filter, you can provide several values, Action1 will search for any of them (logical OR). The values can be included or excluded. For example, search for and deploy updates that are coming from Adobe or Google but which severities are anything except Low and Moderate.
   • Only selected — to install specific updates you’ve picked.

3. Fine-tune your patch management policy:
   • Automatically approve and deploy all matching updates / Require manual approval of updates — define if you need updates to be explicitly approved before they can be scheduled for distribution. Otherwise, you can set the time period to wait before automatically installing an update.
   • Reboot options — skip or allow rebooting. You can configure the offset and notification for a user whose computer is going to be restarted.
   • Deactivate updates in Windows settings — check it to disable Windows Update and push patches and KBs via Action1 only.
4. On the Select Endpoints step, pick the applicable managed endpoints. Add endpoints one by one, or select a group or all. You can create a server patch management policy that applies to all endpoints or just the most critical ones.
5. On the Frequency step, add a policy name (e.g., “Automatic Patch Management”) and define the delivery schedule. Patches can be pushed once a month or every week on certain days. Select the time that works best for your team. Set a timeframe to retry update delivery for the powered-off or disconnected endpoints. Make sure the timeframe doesn’t exceed the frequency of the policy execution, i.e., don’t set it to 3 days for policies running on a daily basis.
6. Select Finish.

How Does Automatic Patch Management Policy Work Once You Enable It?

There are two steps or components of a patch management policy. Optionally, a technician reviews and approves patches on the Update Approval page. Then, Action1 delivers updates to your endpoints based on the schedule you set.

Patching does not need any supervision or manual deployment steps. You can always check results in the Built-in Reports / Windows Updates / Update Statistic report as well as on the Policies / History page. Action1 takes care of the endpoints that are unavailable or offline and serves them later. The policy helps you verify that your endpoints are up-to-date and compliant with your corporate requirements.

Orchestrate Workflows: Approve and Decline Updates

If your process requires supervision and patch review before distribution, pick patches and select Approve or Decline. Action1 automated patch management solution enables you to filter out pending patches by severity as well as by status. Approved updates can be installed instantly or you configure your software patch management policy to automatically deliver them.