The RMMmax Update Manager is a centralized patch management and update control system that gives you complete visibility and control over software updates across your entire environment — Windows, Mac, and Linux — all from a single console.
Cross-Platform Coverage
The Update Manager works across all supported operating systems and agent types:
- Windows Workstations — manages Windows Updates via PowerShell
- Windows Servers — separate scheduling policy from workstations so you can patch servers on a different cadence
- macOS — managed via the RMMmax agent and the upgrades script
- Linux — integrates with apt-get, yum, and zypper depending on the distribution
It works through your existing RMM platform (ConnectWise Automate, Datto RMM, Tactical RMM, ScreenConnect) or through the RMMmax independent agent with no third-party RMM required.
Update Scanning
Before any updates are applied, the Update Manager scans each device and reports back:
A full list of available updates with the update title, package name, current version, and available version.
KB Article IDs for Windows updates.
Update type classification: Security, Feature, Driver, Optional, or Other.
Severity rating for each pending update: Critical, Important, Moderate, Low, Optional, or Unspecified.
Whether a reboot is required after patching.
Scans can be triggered manually at the individual agent level or at the client level (scanning all devices for a client at once). Scans also run automatically on a background schedule, keeping your patch data current without manual effort.
Patch Score
Every device receives a Patch Score from 0 to 100, calculated based on the number and severity of pending updates. Scores are deducted based on update severity:
Severity Score Deduction
Critical −15 per update
Important −8 per update
Moderate −4 per update
Low −2 per update
Optional / Unspecified −1 per update
A score of 100 means the device is fully patched. Scores give you an at-a-glance health indicator for every device and roll up into a client-level overall patch score so you can prioritize which clients need attention most.
Update Deployment
Once a scan is complete, you have three ways to deploy updates:
Update All — push all available updates to a single device at once
Single Package Update — target one specific package or update by name, leaving everything else untouched
Client-Wide Update — trigger updates across all devices under a client simultaneously with one action
Reboot Policy
For each client and each individual device, you can configure whether a reboot is automatically triggered after updates are applied. This can be set per-agent or inherited from the client-level policy, giving you granular control over when reboots happen across different client environments.
Scheduled Updates
The Update Manager supports fully automated, scheduled update runs so you never have to manually trigger updates:
Weekly schedules — select the day of the week and hour to run updates
Monthly schedules — select the day of the month and hour to run updates
Schedules are set per client, per OS category — meaning you can configure Windows Workstations, Windows Servers, Linux, and Mac devices on entirely different update schedules within the same client
When a schedule runs, RMMmax logs the activity and optionally sends an email notification confirming updates were dispatched.
Client Summary View
At the client level, the Update Manager provides a consolidated view showing:
Every device under that client and its enabled/disabled state
Per-device patch score, pending update count, last scan date, and last update date
Reboot-required flags so you know which machines are waiting on a restart
This view also powers a Patch Report — a full export of the client’s update state including all pending updates per device, suitable for client-facing reporting.
Activity Logging
Every action taken through the Update Manager — scans, updates, scheduled runs, errors — is written to the team’s Update Manager activity log. This gives you a full audit trail of what ran, when, and for which clients and devices.
Enabling Devices
Update Manager management is opt-in at the device level. Each device must be explicitly enabled for Update Manager before scans or updates will be sent to it. This prevents accidental updates on devices that should be excluded, such as lab machines or devices in a change-freeze window.