App/MacOS Update Management

OCS
New Contributor

Hi there,

I'm not super familiar with JAMF capabilities but am wondering if something is possible. Is there currently a method of being able to prevent apps from prompting for updates that would require administrator credentials? Or is there a way of giving users rights only to update their apps?

We are hearing that whenever a developer pushes out an update to some apps, our users are unable to use the product until the app is updated. I know this may be app-specific, but is there a way to do this on a broader scale? I've seen there is a way to defer updates of software/apps, but I don't know how well that works and if it works on every app. 

Any feedback would be appreciated!

1 ACCEPTED SOLUTION

AJPinto
Honored Contributor III

JAMF can only control application behavior if the application vendor supports it. If you don't want users to have admin access (which is a good thing), then you will need to maintain the applications with JAMF. macOS behavior can be changed, but allowing standard users to make modifications that impact other users would open up security vulnerabilities and defeat the purpose of not granting admin access to begin with.

Application Configuration:

Each application vendor creates their own policy list. If an application has a key to be managed, JAMF can manage it. If the vendor does not make a key to be managed, then JAMF cannot manage it as it does not exist. 

For example, Chrome can be set to not check for updates with the DeviceAutoUpdateDisabled key.

Chrome Enterprise Policy List & Management | Documentation

macOS Notifications:

JAMF can configure macOS notifications and disallow an app from giving notifications. This would not prevent the app itself from telling the user to update when they open the app.

Maintaining Applications:

JAMF can update pretty much any application. When you are aware of an update, you can package it, add it to JAMF, and deploy it with a policy or use patch management. Anything JAMF does is done as root, so no user interaction is needed.

App Store App:

JAMF can update App Store apps via MDM command, or be set to check for updates. You need VPP set up for this to function.

3 REPLIES

dsavageED
Contributor III

I'd suggest you have a look at https://github.com/Installomator/Installomator

Hopefully, between the script and Apple's App Store, you can maintain your app version... Without knowing specific apps, it's difficult to offer more advice.

OCS
New Contributor

Great, I will look into this. Thank you.