pkg via policy vs "mac application from jamf catalog"

New Contributor

Godo evening,

a quick question, please: One of our applications is available as pkg installer but also as a "Jamf App Catalog" application in the Devices > Mac Applications tab.


My understanding is that for the Application install pathway I can "enforce" updates via a configuration profile for System updates (or it should be enabled as the specific app says "Auto update disabled: no" whereas for the pkg installer I can create a patch management with subsequent definition of the latest package and a corresponding Patch Policy.


The pkg pathway has the benefit of more granule scoping, however I am wondering what the general consensu on best practices is here?


Honored Contributor II

I am not sure if I follow but I'll try to answer.


You can only enable auto updates for an application with a configuration profile, if the application supports that function. This is purely up to the application manufacturer to support. For example Firefox uses the domain org.mozilla.firefox.plist and you can set AppAutoUpdate to true to force auto updates for Firefox. Not all, in fact most Applications don't support forcing auto updates with a configuration profile.


JAMF's Patch Management is a way for JAMF to force Application updates. Generally speaking it is always best to package applications to install in to /Applications as this is where JAMF automatically looks. However, you can adjust the extension attribute to read the application version from where ever you want. JAMF reads the application version, if it does not meet the minimum definition from patch management JAMF will run the policy to install the new app. This is not so much an upgrade as overriding the existing application with a newer copy.


I myself find patch management to be cumbersome and jamf to be lacking in maintained definitions, and easily replaceable with a bit of scripting and smart groups. I typically just use policies to upgrade applications, I will add extension attributes if I need to so I am upgrading only the correct devices.