Application version control on Jamf patch management

ks25
New Contributor III

Guys, I'm in learning phase of Jamf pro. I've a requirement that apps are getting updated to the latest version. Few days back had an escalation that after the Microsoft version upgrade unable to access outlook. So management need to get the application upgrade (n-1) version. I see that we don't have any in Jamf Patch management. Kindly advice how can we utilize it. 

Kindly explain about the patch policy. Thanks.

5 REPLIES 5

sdagley
Esteemed Contributor II

@ks25 Jamf Patch management doesn't have any sort of N-1 capability to control what versions get installed. Instead of using Jamf Patch Management to install or update Office you should take a look at the deferred updated channel capability of the Microsoft AutoUpdate tool. See this blog post by @kevinmcox for more details on what that offers: https://www.kevinmcox.com/2021/10/microsoft-now-provides-curated-deferral-channels-for-autoupdate/

ks25
New Contributor III

@sdagley  I've deployed Jamf Connect 2.12 in Computer management - Packages. When I create patch policy on patch management on Jamf Connect to upgrade to n-1 version. I see that we have recent version of 2.29, 2.28.1, etc., Lets say I'm adding the package of Jamf Connect 2.12 corresponding to 2.28.1. 

Correct me If I'm wrong, whatever devices having Jamf connect 2.28.1 version will get downgrade to 2.12? Or Whichever devices having Jamf Connect 2.12 will upgrade to 2.28.1 directly? Which is one right?

sdagley
Esteemed Contributor II

Unless you're specifically trying to downgrade to Jamf Connect 2.12 why would you add that packages to the definition for 2.28.1? In general you would not want to attach a package for a version lower than the patch definition. If you attach the 2.12 package to the definition for 2.28.1 it will downgrade (if the package allows it) any Mac running 2.28.1 or earlier.

When you attach a package to a patch definition it should be the package to install that version of the software. When you create a patch policy for that definition it is automatically scoped to all Macs that have a version older than the patch definition because the intent of the patch policy (normally) is to update all of those devices to the version of the patch definition.

ks25
New Contributor III

So meaning that we won't be able to do application version control using Patch Management. Am I right? Is there any tool from market place is available to do patch management?

sdagley
Esteemed Contributor II

@ks25  Could you explain what you mean by "application version control" and how the current Patch Management system doesn't meet your needs? Patch Management is (IMO) designed to let you easily deploy updates so any targeted application can be forced to run a minimum version (and a specific version if you've disabled automatic and user initiated updates), and it pretty much does that for most applications.

I would not recommend trying to use it for patching Microsoft Office applications because Microsoft AutoUpdate provides more control with much less overhead since it can deploy delta updaters unlike Patch Management which utilizes full installers.