WSUS Deprecation: Your Next Move in Patch Management

This Wednesday | 12 PM EST / 11 AM CET

Action1 5 Documentation 5 Automate Patch Management

Automate Patch Management

 

Orchestrate and execute patch management workflows with Action1. In addition to on-demand patch delivery, Action1 enables you to automate patch management process and tailor it to your corporate update policy. Implementing automated patch deployment strengthens overall security and ensures critical updates will not fall through the cracks. The stable updates typically become available in Action1 within two days after release.

 

Update Approval view

Set up Patch Management Automation

Action1 enables you to roll out updates with a patch management automation (select + New Automation on the Automations page).  All updates will be distributed to remote endpoints you’ve picked when it is right for you. Roll out updates in a time slot that is the most convenient both for system administrators and remote users, for example, on Tuesday night.

  1. Navigate to the Automations  page and select New Automation/ Deploy Update.
  2. On the Deploy Update step, first select updates for distribution.
    • All to install all updates, irrespective of their severity or status.
    • Matching filters— to install the updates that match your search criteria. Add filters such as update source, update severity, etc. You can add several filters and Action1 will search for and deploy updates that match them all at once (logic AND). Within each filter, you can provide several values, Action1 will search for any of them (logical OR). The values can be included or excluded. For example, search for and deploy security updates that are coming from Microsoft or Google but which severities are anything except Low.
    • Only selected to install specific updates you’ve picked.
Creating patch management automation - step 1
  1. Fine-tune your patch management automation:
    • Automatically approve and deploy all matching updates / Require manual approval of updates  define if you need updates to be explicitly approved before they can be scheduled for distribution. Otherwise, you can set the time period to wait before automatically installing an update.
    • Reboot options skip or allow rebooting. You can configure the offset and notification for a user whose computer is going to be restarted.

Learn how Action1 handles reboots

Logged-in Users: If a user is logged in, even through there is a non-interactive session (such as a remote terminal server session), Action1 will show a reboot prompt in that user’s logon session. This provides an opportunity for the user to postpone the reboot, up to the maximum time configured in the Action1 policy settings.

Locked Sessions: If the session is locked, the reboot prompt will still be displayed. The user will see this prompt immediately upon unlocking their session.

Multiple Users: In scenarios where multiple users are logged in, each user will receive their own reboot prompt within their logon sessions. Any one of these users can permit the reboot to proceed; it doesn’t require approval from all users.

No Users: If no one is logged in, Action1 will proceed to reboot the system immediately without displaying any prompts.

  • Deactivate updates in Windows settings  check it to disable Windows Update and push patches and KBs via Action1 only.
  1. On the Select Endpoints step, pick the applicable managed endpoints. Add endpoints one by one, or select a group or all. You can create a patch management automation that applies to all endpoints or just the most critical ones.
  2. On the Schedule step, add a name (e.g., “Patch management”) and define the delivery schedule. Patches can be pushed once a month or every week on certain days. Select the time that works best for your team, for example Tuesday morning. Set a timeframe to retry update delivery for the powered-off or disconnected endpoints. Make sure the timeframe doesn’t exceed the frequency of execution, i.e., don’t set it to 3 days for automations running on a daily basis.
  3. Select Finish.
Patch management - step 3

How Does Automatic Patch Management Work Once You Enable It?

There are two steps or components of a patch management automation. Optionally, a technician reviews and approves patches on the Update Approval page. Then, Action1 delivers updates to your endpoints based on the schedule you set.

Patching does not need any supervision or manual deployment steps. You can always check results in the Built-in Reports / Patch Management/ Update Statistic report as well as on the Automations / History page. Action1 takes care of the endpoints that are unavailable or offline and serves them later. The automation helps you verify that your endpoints are up-to-date and compliant with your corporate requirements.

Orchestrate Workflows: Approve and Decline Updates

If your process requires supervision and patch review before distribution, pick patches and select Approve or Decline. Action1 automated patch management solution enables you to filter out pending patches by severity as well as by status. Approved updates can be installed instantly or you configure your software patch management system to automatically deliver them.

Approval status