Hello Hadrnero,
First I want to say this is a great idea. It would be very useful to be able to know when all systems running a policy finish the run of that policy (success or fail). Unfortunately there is not a way out of the box with Automox. I would like to write up a feature request for this so I would like to ask a few questions if you don’t mind.
Would you like to have Automox report when all devices finish the policy or would it be easier to know when a group of systems finishes the policy? The way I was thinking about it is if the group reports back when all the devices finish the policy it would report completion in stages. I.E. Group 1 finished the policy and then a few minutes later Group 2 finished the policy. Something like that. Would this be more of what you would like or would you like for you to be notified for all devices only being completed? Or both?
Definitely would throw my vote on this one; let me know when it hits the product planning board thing. I think one of Automox’s weakest points is reporting and Slack notifications. Would love to see some backend work done on this type of stuff.
Hey Brandon! Thanks for the response!
Device Group Notifications
By far, we would get the most value out of a Device Group level notification. Our Device Groups each represent different segments of our customers who have individual notification destination requirements. We’re currently creating individual Policies per Device Group to ensure we can understand when the Group has completed, but Group-level notifications could potentially enable us to merge Policies that are the same in scope and execution time but targeted at different customers’ Groups, further simplifying our deployment while still allowing us to understand and notify when an individual customer’s Group has completed.
Example:
Policy A > Device Group A for Company A (ABC Application Team)
Policy B > Device Group B for Company A (XYZ Application Team)
Policy C > Device Group C for Company B
All three Policies have the same patching scope and execution schedule, but each Device Group is owned by a different Company or customer segment within the Company, thus requiring separate notifications.
Policy Notifications
However, I could see this also being valuable from a Policy perspective at certain times where we need to execute 0-day patching across a lot of systems in different Groups, have Policies set to execute against multiple Groups, or need to understand when an ad-hoc Policy or Worklet has completed across multiple Groups.
Example:
Searching for a specific KB on the Software page, I can see 600 devices are impacted. Automox gives me the ability to ‘Patch Now’ - I want to know a summary of when those 600 devices have completed and which ones the patch failed on so we can immediately begin further remediation or communicate to customers/leadership that the security impacts have been resolved. I believe this would currently be a blast of 600 emails, some of which would be ‘Patches Applied’ and some ‘Patching Failed’, or waiting a while and rechecking the Software page and pulling a report of systems that are still outstanding. This use case is waaay less often than our recurring patch schedules, but would still be very useful.
This Policy-level notification may be supplemented with future Automox enhancements to do Multiple Device/Dynamic Groups - we could build a Dynamic Group to execute 0-day patches or software deployments and then leverage the Group-level notification to understand completion status instead of relying on our out-of-box execution process and individual Policies per Group. Using the above example, a Dynamic Device Group could be created for all Devices with the KB showing relevant with the notification set at that Dynamic Group level.