Automox Compliance

How does compliance work in Automox?

Compliant and Ready Statuses and their Meanings

You can view the device, connection, and policy status of a device from the Device Details page. The statuses and meanings are described in What the Statuses Found in the Automox Console Mean. See also Device Details.

The Device Details page will show the current status, as in this example:

A policy is Compliant when it has no Scheduled Patches or failed remediations.

A device is labeled as Ready when it has no command impacting the device. 

Any device that has a scheduled patch count greater than zero will fall into the Ready status until it is actually running when it shows a status of either Installing or Working. This can change a device from Compliant to Non-Compliant as soon as a new patch is detected--assuming that the new patch is applicable to the device’s patch policies.

Scheduled Patches vs Installed Patches

Scheduled Patches are the number of patches that are available to a device and are applicable to its current policy assignments and policy rules.

Note: For a patch to be counted as Scheduled, the patch policy must have a Policy Status of Active (On). Policies that are set to Inactive (Off) are not considered in this count. See also Creating a Patch Policy.

Installed Patches are the number of total patches currently available to a device (awaiting update) regardless of policy assignments or filters. 

What Does This Mean for Me?

Device, Policy, and Connection statuses are updated once per scan and are based on the latest software inventory and policy settings. This takes into account anything that has changed since the previous scan of the device. 

When new patches are detected, the Policy status will change. The Device status is Ready until any processes are started, such as installing. 

Example of different device statuses using three devices

  • Device A has a Patch All policy
  • Device B only has a Patch by Critical Severity policy
  • Device C has no policies

The devices are all currently Compliant. Device C will also show a status of Unmanaged because no policies are associated with it. 

A new patch releases with a severity rating of Low:

For Device A, the Policy Status shows Non-Compliant. The Device Status will show Installing when the policy is remedying. The patch is installed the next time the policy runs on schedule. This device’s entry in the Device page list shows 1 under Scheduled Patches and 1 under Total Patches. After the policy runs, the Policy Status shows Compliant.

For Device B, the Policy Status remains Compliant. This new patch is not applicable to its associated policy and will not be installed. Since the patch isn’t relevant to this device’s policy rules, it is considered Ready. This device’s entry in the list shows 0 under Scheduled Patches and 1 under Total Patches. 

For Device C, the Policy Status also remains Compliant. The Device Status shows Ready. With no associated or enabled patch policies, no patches are considered to be Scheduled. This device’s entry in the list also shows 0 under Scheduled Patches and 1 under Total Patches.