Currently the Windows Update setting in the Atera Configuration policies are to allow local updates or disable all local settings. The problem with the latter option is that it also disables the automatic updating of Security intelligence updates (KB2267602). Every device will perpetually show as needing that update since Microsoft re-releases it multiple times a day. More info here: https://www.microsoft.com/en-us/wdsi/defenderupdates

I propose the following:
1) Add configuration options under the Atera Configuration Profiles for the Security Intelligence Updates. The most important one can be set with this PowerShell command: "Set-MpPreference -SignatureUpdateInterval <hours>". By setting this, updates for KB2267602 should automatically be checked and installed automatically at that interval even if the normal Windows Update Schedule is disabled. There are also options for scheduled day and times, but the interval setting should run independently of that.

Yes, we can create an IT automation profile to install definition updates daily or multiple times a day, but it clutters up the automation run history log.

2) Exclude KB2267602 from the available patches indicators. (Or at least have an option to do so) . You could also add it as a separate definition updates indicator column that could be turned on.

3) Add the most recent definitions update version and date to the device OS and Security page

4) In addition to the all or nothing Windows Update settings in the Atera Configuration policies, let us pick an advanced option with all of the same knobs that are available in group policy: https://learn.microsoft.com/en-us/windows/deployment/update/waas-wu-settings