Action1 5 Documentation 5 Create Patch Management Policy

Create Patch Management Policy

 

Orchestrate and execute patch management workflows with Action1. In addition to on-demand patch delivery, Action1 enables you to automate patch management process and tailor it to your corporate update policy. Implementing automated patch deployment policy strengthens overall security and ensures critical updates will not fall through the cracks. The stable updates typically become available in Action1 within two days after release.

 

Action1 lists all missing software updates

Set up Automated Patch Management Policy

Action1 enables you to roll out updates automatically with a patch management policy (select New Policy). Turn a sample IT policy into a dedicated operating system patch management policy, Firewall policy, or application patch management policy. All updates will be distributed to remote endpoints you’ve picked when it is right for you. Roll out updates in a time slot that is the most convenient both for system administrators and remote users, for example, on Tuesday night.

To create an automatic patch management policy:

  1. On top of the Action1 console, select New Policy / Deploy Update.
  2. On the Deploy Update step, first select updates for distribution.
    • All to install all updates, irrespective of their severity
    • Critical only to install the most relevant updates
    • Specific to choose updates manually
  3. Configure additional options:
    • Require update approval define if you need updates to be explicitly approved before they can be scheduled for distribution. Otherwise, you can set the time period to wait before automatically installing an update.
    • Reboot options skip or allow rebooting. You can configure the offset and notification for a user whose computer is going to be restarted.
    • Deactivate updates in Windows settings  check it to disable Windows Update and push patches and KBs via Action1 only.
  4. On the Select Endpoints step, pick the applicable managed endpoints. Add endpoints one by one, or select a group or all. You can create a server patch management policy that applies to all endpoints or just the most critical ones.
  5. On the Frequency step, add a policy name (e.g., “Automatic Patch Management”) and define the delivery schedule. Patches can be pushed once a month or every week on certain days. Select the time that works best for your team.
  6. Select Finish.

How does automatic patch management policy work once you enable it?

There are two steps or components of a patch management policy. First, a technician reviews and approves patches on the Update Approval page. Then, Action1 delivers updates to your endpoints based on the schedule you set.

Patching does not need any supervision or manual deployment steps. You can always check results in the Built-in Reports / Windows Updates / Update Statistic report as well as on the Patch Management / History page. Action1 takes care of the endpoints that are unavailable or offline and serves them later. The policy helps you verify that your endpoints are up-to-date and compliant with your corporate requirements.

The Update Statistic report displays endpoints with their last update dates

Orchestrate Workflows: Approve and Decline Updates

If your process requires supervision and patch review before distribution, pick patches and select Approve or Decline. Action1 automated patch management solution enables you to filter out pending patches by severity as well as by status. Approved updates can be installed instantly or you configure your software patch management policy to automatically deliver them.

Update approval window