Automation
Automate maintenance with scheduled policies and condition-based remediation.
Overview
Automation policies let you define maintenance workflows that run on their own — either on a schedule or in response to conditions on your devices. Each policy targets a group of devices and executes a sequence of actions.
Scheduled Policies
Run maintenance on a recurring schedule.
Schedule Options
| Frequency | Configuration |
|---|---|
| Daily | Runs at a specific time every day |
| Weekly | Runs on selected days of the week (e.g., Monday and Thursday at 2:00 AM) |
| Monthly | Runs on selected dates of the month (e.g., the 1st and 15th) |
All schedules use a configurable timezone.
Retry for Offline Devices
If a device is offline when a scheduled policy runs, you can enable retry — the policy will run the missed maintenance when the device comes back online, within a configurable time window (e.g., retry for up to 4 hours after the scheduled time).
Manual Trigger
You can also run any scheduled policy manually at any time from the policy detail page.
Condition-Based Policies (Remediation)
These policies trigger automatically when specific conditions are detected on a device. They're designed for reactive maintenance — fixing problems as they arise.
Available Triggers
| Trigger | When it fires |
|---|---|
| Health score drops below threshold | e.g., when a device's score falls below 50 |
| Disk usage exceeds threshold | e.g., when disk usage goes above 90% |
| Critical updates available | When major software updates are pending |
| Malware detected | When malware is found on a device |
| Stale patches | When OS patches haven't been applied within a number of days |
| Compliance failure | When specific compliance checks fail |
Cooldowns and Limits
To prevent policies from running too aggressively:
- Cooldown — Minimum time between executions per device (1 to 168 hours)
- Max daily executions — Maximum number of times the policy can run per device per day (1 to 10)
Policy Actions
Each policy defines a sequence of actions to execute. Actions run in order, and you can optionally require each step to succeed before the next one runs.
Available actions include all the commands you can run manually:
| Category | Actions |
|---|---|
| Scanning | System scan, registry scan, malware scan, privacy scan, service scan, debloater scan, network config check, event log fetch |
| Cleaning | Clean scanned items |
| Updates | Check/install software updates, driver updates, Windows updates |
| System repair | Run SFC scan, run DISM repair |
| Hardening | Apply privacy settings, optimize services, fix registry issues, remove bloatware, manage startup items |
| Data refresh | Refresh health report, system info, installed apps, threat status, threat blacklist |
Example: Weekly Maintenance Policy
A common setup:
- Run a system scan
- Clean the results
- Check for software updates
- Install available updates
- Run a registry scan
- Fix registry issues
- Request a fresh health report
This runs every Sunday at 3:00 AM, with retry enabled for offline devices.
Example: Disk Space Remediation
Trigger: Disk usage above 90%
- Run a system scan
- Clean the results
- Run a browser cache scan
- Clean browser caches
Cooldown: 24 hours. Max 2 executions per day.
Maintenance Runs
Every time a policy executes, it creates a maintenance run that tracks progress:
- Which devices were targeted
- How many succeeded, failed, or were skipped
- Per-device progress through the action sequence
- Results from each step
Impact Summary
After a run completes, an impact summary shows what was accomplished:
- Total space cleaned
- Files deleted and skipped
- Registry issues found and fixed
- Updates applied (and any that failed)
- Health score changes — average score before and after, with per-device breakdown
This gives you concrete evidence of what the automation is doing for your fleet.
Managing Policies
- Enable/disable — Toggle a policy on or off without deleting it
- Edit — Change the schedule, triggers, actions, or target group at any time
- View runs — See the history of all executions and their results
- Delete — Remove a policy entirely