Patch management for MSPs.
Linux, FreeBSD, and Windows patch management built for the server fleets your clients actually run. Volume discounts for MSPs, custom pricing above 500 hosts, and bespoke multi-tenant deployments. Get in touch and we will scope what you need.
Why MSPs talk to us
Most patch management tools were priced and built for corporate desktop fleets. PatchMon was built for Linux and FreeBSD server fleets, with transparent per-host pricing and volume discounts for larger deployments.
Linux and FreeBSD coverage your RMM misses
APT, DNF, YUM, APK, Pacman, and pkg on FreeBSD, all from a single agent. Most RMM tools treat Linux as an afterthought and do not support FreeBSD at all. PatchMon was built for Linux server fleets first.
Volume discounts at MSP scale
Our self-serve pricing is per-host, starting at $1/host/month. If you run above 500 hosts or manage multiple client workspaces, we offer volume discounts. Get in touch and we will scope a plan that fits the fleet size you actually manage.
Outbound-only agents
Agents connect outbound over WebSocket. No inbound firewall rules needed on client hosts. Easier to get approved by client security teams.
Compliance evidence your auditor accepts
OpenSCAP CIS benchmark scanning and Docker Bench compliance checks on the Max tier. Generate per-host reports when a client asks for proof of state.
Remote access without a VPN
Browser-based SSH and RDP to managed hosts, on the Max tier. One less tool for your techs to juggle across client environments.
Pinned, verifiable agent
Every agent release is signed and versioned. Your clients' security teams can pin a version and verify the binary before rollout on their infrastructure.
How MSP pricing works
Our standard Cloud pricing is per-host, starting at $1/host/month on Starter. For MSPs we do two things on top of that:
- Volume discounts above 500 hosts. Per-host pricing is designed for predictable fleets. Once you manage hundreds or thousands of hosts across client accounts, the standard per-host rate stops making sense. We negotiate a volume rate that reflects the scale you are actually running at.
- Multi-tenant deployments on request. If you need separate client workspaces, each with its own branding, users, and isolated data, we scope a multi-client deployment around your client mix and compliance requirements. This is a bespoke engagement, not a self-serve tier.
Either way, the conversation starts the same way: tell us about your client mix and roughly how many hosts you manage, and we will send back pricing and a deployment plan.
How PatchMon compares
A direct comparison with the tools MSPs typically evaluate.
| PatchMon | NinjaOne / Atera | Automox | |
|---|---|---|---|
| Pricing model | Per-host, volume discounts for MSPs | Per-host/month | Per-host/month |
| Linux support | APT, DNF, YUM, APK, Pacman | Limited | APT, DNF, YUM |
| FreeBSD support | Yes (pkg) | No | No |
| Windows support | Monitor + plan (deploy on roadmap) | Yes | Yes |
| Deployment | Managed Cloud, multi-region | Cloud-only | Cloud-only |
| Regional Cloud | UK, DE, FR, US | Vendor region | Vendor region |
| Vendor lock-in | Export and leave (AGPLv3 fallback) | High | High |
What PatchMon covers
The full platform is available on the Max tier. Lower tiers include the features most MSPs need day-to-day; higher tiers add remote access, compliance, and AI.
- Real-time patch status across Linux, FreeBSD, and Windows
- Compliance scanning with OpenSCAP, CIS, and Docker Bench (Max)
- Remote access via browser SSH and RDP (Max)
- Automated patch policies and scheduling (Plus and Max)
- Alerting and notifications (email, Slack, Teams, webhooks)
- Dashboard and reporting for your fleet
- Agent auto-registration with API keys
- Custom branding: logo, favicon, and instance name (Plus and Max)
- Full API access for automation and integration
Security your clients can trust
When you manage other organisations' infrastructure, security is not optional. PatchMon's architecture is built around outbound-only agents, TLS everywhere, and a signed, verifiable agent binary.
Outbound-only agents
Agents connect outbound over WebSocket. No inbound firewall rules needed on client hosts. Easier to get approved by client security teams.
TLS everywhere
All communication is encrypted in transit. Agent-to-server, browser-to-server, and internal service communication all use TLS.
Pinned, verifiable agent
Every agent release is signed and versioned. Your clients' security teams can pin a version and verify the binary before rollout on their infrastructure.
Role-based access control
Scope what your techs and client contacts can see and do. Read-only roles for auditors, full admin for your operators, per-host visibility where you need it.
Book a demo
15-minute call, no sales pitch. We'll show you the dashboard, agent deployment, and answer your questions.
Iframe blocked? Book directly at cal.com/9-technology-group/patchmon-demo.
Tell us about your MSP fleet.
Three typical engagement bands. The more detail you share about your fleet, the faster we can come back with a concrete number.
Under 500 hosts
Self-serve on PatchMon Cloud at standard per-host pricing. Spin up a 14-day trial and add hosts as you go.
500 – 5,000 hosts
Volume pricing with a scoped per-host rate that reflects the fleet you actually run. Dedicated onboarding if wanted.
5,000+ hosts / multi-client
Bespoke engagement: dedicated deployment, priority support, and a pricing structure built around your client workspaces.