Skip to main content

I'm new to Jamf Pro and want to understand the patch process better for Mac OS updates and best practise.

I work in a predominately Windows environment that uses Microsoft system centre which allows you schedule when the latest monthly OS security updates are installed and enforce when they are installed by.

Ideally what I am looking for is guidance on how to set up a policy that runs on all of our Macs each month and ensures that their software updates are completed within a week.

Any advice will be greatly appreciated!

Cheers

Ben

@idsjamfadmin you may want to check this out. Auto-Update

I use a Policy that is set to run OncePerComputer and add all my updates pkg in there, like Flash, Office, etc.
You can set that policy to check for updates from Apple as well.
I include a script to write to the com.apple.RemoteDesktop.plist file with "Patch Level". I use the format yyyy.mm as the patch level. (I collect this Patch Level info with an EA and add it to the computer inventory.)

I create a Smart Group that uses the Patch Level. (which is a interger, so you can do < or >. I have a Smart Group name "Patch level less than 2019.08" If any computer's patch level is less than that, then the "Updates policy" would be scoped to it.

EA script to collect the Patch Level data:

#!/bin/bash
echo "<result>`/usr/bin/defaults read /Library/Preferences/com.apple.RemoteDesktop Text2`</result>"

Script to write the Patch Level to the ARD field:

#!/bin/bash
dateCode="2019.08"
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -computerinfo -set2 -2 "$dateCode"
echo "Patch Level is now $dateCode"
Terms & ConditionsCookie settingsAccessibility statement