Best practices and automations around patch management in Atera
Looking to learn more about patch management? You’re in the right place! This webinar recap puts patch management under the microscope, including ad-hoc patching, automation opportunities to stay up to date on patch management schedules, reporting on patch management, and more.
Do your end-users skip or ignore patch management? You’re far from alone! Many customers skip necessary updates, leaving them vulnerable to security threats and malware. As an MSP, if something happens – the buck stops with you. Taking control over patch management on their behalf is a smart move, and a great value add. You can be proactive around securing your customer’s environments, keep your SLA, and take that worry off management’s hands. As you’re in control over patches and updates, you can use your knowledge and insight to block anything suspicious and keep an awareness of everything being installed in their environment.
Finally, you’re also in the driver’s seat for the performance of their IT environment, keeping it lightning-fast, which is always going to make you the most popular person in the room.
Let’s say there’s a new security patch available, and you want to install it outside of the schedule. Head to the device, and you’ll be able to see under Patch management exactly which patches are available. You can see the patch name, the product, the type of update and its severity, and the size of the patch, too. Hidden patches will be those which are blocked by Microsoft so can’t be installed on Atera. We added a smart filter for whether a reboot is required, to ensure you don’t impact business continuity. Click install, and you’ll see the status switch over to pending, and then quickly to downloading and complete.
From the main Devices menu, you can filter to see devices that require patches, to get a bird’s eye view of what needs to be done. Scroll down to advanced filters, and you can see all available KBs, checking by alert severity, customer, device type, and more. Save this as a View, and you’ll have quick access to these patch requirements as and when you need this visibility.
IT automation profiles
From the Admin page, you can manage IT automation profiles in a really granular way, letting you apply patch management to run behind the scenes for each customer. Head to Admin, Patch management, and then IT automation profiles. Click Add a new profile, and enter a unique profile name. You’ll be taken to a page where you can curate your policies according to your business requirements. Toggle on which patches you want to auto-install, including OS patch management, software patch management via Chocolatey for Windows and HomeBrew for Mac, disk management, service packs drivers and tools, and upgrades.
You can choose exactly how you want to schedule automation, for example scheduling updates for every week on a Thursday at 6 am, when you know end-users are less likely to be using their devices. Check out the options for maintenance as well, such as deleting temporary files, giving the system a reboot or shutdown, or creating system restore points. You might want to create a separate IT automation profile for these tasks at another time.
Top tip: Use the “send email” function on the left-hand side of the IT automation profile to send an update email to the right stakeholder, letting technicians or clients know that patch management has been completed.
Reports for patch management
Reporting is an important part of staying on top of customer environments and also showing value to the customer, and we allow these reports to be generated manually or automatically sent to technicians or customers.
At Atera, use the Patch Automation and Feedback report to display the patch management processes that have taken place under specific IT automation profiles, viewing how many actions have failed and succeeded.
Patch, Search and Deploy is a second report which allows you to search for patches, for example for unpatched devices, either by a specific customer or across your whole business. You can install patches directly from the report, for ease of use.
Have you tried using the Patch Status Summary report? This can allow you to drill down into a certain type of patch, such as critical updates, showing you that everything is up to date on desktops and servers. This can be a powerful way to show customers that you’re working behind the scenes to keep their environment secure.
Export reports as an Excel or a PDF for your own records or to pass them on externally to a manager, investor, partner or customer.
Our patch management webinar was a blast! If you want to see the live demo for yourself and learn more about IT automation profiles and best practices for patch management, you can watch the live event (and hear the Q&A!) here. Until next time!