Hi, I just started creating different groups based on OS and core business functions, and came to realise that you can not really automate based on those filters, automation is based on policies. I can run a policy for all devices affected to it, but can not run all policies affected to a group. Am i missing on something, or is Automox just not built this way, and that is possible room for improvement ?
Page 1 / 1
Great question! In general you can think of it as policies define what runs, while groups define which devices those policies apply to. Keep in mind that you can assign a policy to multiple Groups.
To help get the most out of groups and policies, here are two useful resources:
-
Configuring Groups Course — a short lesson on setting up and organizing groups effectively. -
Onboarding Webinar: Configuring Patches — a guided walkthrough on creating and managing patch policies.
These should give you a solid foundation for structuring your groups and policies.
Please let me know if you found this answer useful.
- Yaz
Hi, I will rephrase.
Current way it works: Assign policy to group. Run policy
Limitations: If 3 groups have the same policy assigned to them, and I want to run the the policy on only 1 group, it would seem that we can not do so. It would run the policy for all assigned groups. I could create a seperate policy for each group, but its not ideal.
Ideal: In the group page, or as an action when selecting the group, option to run all assigned policies.
Is this doable, or should we request the feature ?
I would use Device Targeting for this. Label each device in grp A, B, C etc with a Tag that is “Grp A” etc etc. Then in your policy if you only want grp A, flip device targeting on, select tag is equal to Grp A and Bob’s your uncle.
You can confirm what devices will be hit using the “Preview Impacted Device” bubtton, it should only populate with the Grp A devices!
I would use Device Targeting for this. Label each device in grp A, B, C etc with a Tag that is “Grp A” etc etc. Then in your policy if you only want grp A, flip device targeting on, select tag is equal to Grp A and Bob’s your uncle.
You can confirm what devices will be hit using the “Preview Impacted Device” bubtton, it should only populate with the Grp A devices!
Hi, thanks for the follow up and the idea ! I’ll look into that, but from a first glance, this still leads to the policy being the central tringer point, leading to having to create 10 different policies for each targeted grp. One central button to run all assigned policies to for the devices in the group would be great. Something similar is the “run on this device “ button in the device page, letting you run an assigned policy manually, only for the specific device. Having the same button, but on the group page, letting you run the assigned policy for the entire group, would be useful. Having one button to run all assigned policies only for the devices in the group would be even better.
You shouldnt need one for each tag. For instance here is a policy I have for OS level updates to my canary servers. You can see I have three grps, those grps contain every server both test,prod and canary. Using the targeting I can select the Canary tag, and today I just want to update my App severs so I add in 1 more tag, once I hit save and run it the policy only runs on the servers tagged canary and App Server! 
While not the way you are thinking, which also makes sense, it does knock out your need! (BTW I would totally submit that as a feature request!!)
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.