As of Environment Manager 2018.3, it is now possible to trigger Ivanti Automation Tasks, within your Policy Configuration. You find that after configuring the action, it fails to run the task.
Enabling Auditing within your configuration for automation, to confirm if the task has failed to run. These events can be enabled by opening the configuration, selecting Manage > Auditing, sending the events to an event log and checking:
9672 - Workspace Automation action scheduled scheduling
9673 - Workspace Automation action scheduling failed
Once enabled, deploy this configuration to your endpoint, and recreate the issue. Below shows the example of a failed event:
Workspace Automation action scheduling failed (Action description: Automation Task > Install of Notepad++ Through UWM, Workspace task name: Install of Notepad++ Through UWM, Workspace task ID: 854B388E-5F9C-47FC-BE2C-24F48FCE60AC, Workspace task type: 0), http error: 404.
Running Environment Manager debug logs, will also show something similar to the below:
L4 T7236 131946171306564966 [CDecryptBuffer::GetCertificate] [ENTER]
L3 T7236 131946171306580433 [CDecryptBuffer::GetCertificate] Retrieving certificate using thumbprint [2C169FBB18EDED4576FA40900F6261D0D0AC1E1B]
L1 T7236 131946171306585245 [CDecryptBuffer::GetCertificate] CertFindCertificateInStore failure 
L3 T7236 131946171306585310 [CDecryptBuffer::GetCertificate] Retrieved certificate.
L4 T7236 131946171306585354 [CDecryptBuffer::GetCertificate] [EXIT]
L1 T7236 131946171306585458 [CDecryptBuffer::Decrypt] Error - failed to find a certificate to match the specified thumbprint
L4 T7236 131946171306585496 [CDecryptBuffer::Decrypt] [EXIT]
L1 T7236 131946171306585548 [DecryptPassword] Failed to decrypt data 
As part of the configuration for Automation, a RunAs user account will need to be specified in the Automation settings of the Policy configuration and a certificate specified. On the endpoints, this certificate (that has been exported *with* its private key, and protected with another password) needs to be copied and securely placed in the endpoint certificate store. The EM agent looks into the Local Computer\Personal store on each endpoint (which is the localMachine\My store in PowerShell) to find the certificate and its private key. Here is a PowerShell script that can be used to copy it from a file share to the correct store. The file share should be secured so that ordinary users cannot access it. Note that the private key password is required since the private key is in the file alongside the certificate.
Information on RunAs can be found in the following: