Curious to see how many different policies and groups everyone has setup in their console - also include how many endpoints those cover!
As of today, 3 policies, 8 groups and 40 end points. Still pushing out the Automox client to more devices.
6 policies, 7 groups and 167 endpoints.
17 policies,36 groups,1800 endpoints
WHOA! Please tell me you are part of a team and not one-person IT shop.
2 policies, 11 groups, 224 endpoints
I manage Automox for my organization, but am part of a larger IT department.
10 organisations, 6-8 policies per, 4-6 groups per, 600 endpoints total. Hoping to get a couple more clients to transition this year to take the count to around 1000
That’s a lot of separate organizations - how come you have them broken out that way?
Simply - because we support a lot of organisations! The company I work for has a mixture of ~20 SMB’s/SME’s on the books and we have half of them now on Automox.
Separate organisations for us is the easiest way to keep a track of each of our clients needs as we have quite a broad spectrum (our clients are in multiple areas of industry). Overall, whether it be using Automox for the sole purpose of patch management or using it to generating reports to assist with Cyber Essentials training or ISO 27001 compliance. It’s been very useful to us!
That makes sense, if you’re working as an MSP. From your point of view, what could we add to the console, to make your life easier when supporting multiple different companies?
Wow, you seem like someone I would love to talk to as we get ready to deploy to our 3000 devices. Currently trying to finish up our pilot phase. Shoot me a private message if you would be up for a zoom call, would love to pick your brains a litle.
36 Active Policies
How are you folks getting away with such small amount of policies? Interesting… I might have to rethink the way I’m managing automox…
(across win, linux, aws stuff and a small amount of macs)
Hey rmatthews, Maybe we can both learn something from each other. Do you want to shoot me a direct message with you email? I can shoot you a few timeslots that we can sync with.
I’ve talked to customers who started out with a complex setup and then simplified things down over time. Most commonly people divide their groups by operating system to simplify things. Maybe tell us more about your environment and how it’s setup? The goal is to only have as much complexity as is necessary for your environment requires.
We’re fairly early in our implementation, but currently supporting 5 different Orgs, ~1500 endpoints spread across those, ~40 device groups, and ~15 or so active policies.
Post-implementation (by this time next year) we’re hoping to have expanded this to 10+ orgs (we’re an MSP), 13k+ endpoints, and will probably end up with 400+ device groups with hopefully not that many policies
Sure @Nic, ah so currently we have each department in our org that gets they’re own “patch night” so thats basically 13 groups right there. Then my linux guys do their own thing (no clue how they are managing groups). Two tiers of windows servers.
As far as policies go - again they have to be matched with their group counterpart as each dept. has to be patched on a separate night. There are a few business needs that I agree with (like finance can’t get patched on payroll night, dev servers on build nights) but for the most part, I would like to overhaul how we do patching to make it simpler. The rest of the policies contain nightly / weekly non-rebooting patches to keep our vuln scanner from being too upset.
That makes sense and it is a common pattern where the technical complexity is driven by business decisions such as each department having their own patch window. If you could get the political clout to make them all settle on one window across the company that would simplify things a lot for you. Unfortunately those sorts of changes generally only happen after a major incident. As the saying goes, never let a good crisis go to waste
That being said, there might be some simplifications possible with your current setup. Have you had our support team look at your setup to see if there’s any suggestions they have? They look at a lot of different company setups and might have some tips and tricks to reduce down some of the policies you have.