A directive has come down to me that our organisation needs to patch all software within 14 days of a critical security update being released if we want to retain our funding (for those of you familiar with it, this is part of Cyber Essentials).
Jamf Pro seems to have half of the solution for this, in the form of its "Patch Management" section, but is there a commercially-supported solution for the other half?
I know a lot of you will say "AutoPkgr". I have tried it, and it's not bad as far as it goes, but because it's community-supported and the "recipes" are all by different people, there's no consistency in how it operates. Ideally I'd want something commercially-supported that will integrate with Jamf Pro's existing Patch Management component, to provide the packages and set up the smart groups and policies in an automated and consistent manner.
Is there any company out there that offers such a solution?
(For those of you who are familiar with Windows products of this type, what we're looking for is something like the Package Library in the paid edition of PDQ Deploy, and its integration with the companion product PDQ Inventory)
@Chris - while Kinobi Pro looks like it would be the sort of thing we need, the pricing's probably an order of magnitude larger than what we'd want to pay. Compare and contrast this with PDQ Deploy paid version pricing on the Windows side to see what I mean.
(I have edited my original post to indicate that PDQ no longer calls their regular paid product "Enterprise" on the pricing page and this terminology has now moved to a higher level)
We hoped Jamf Pro would provide this, but the project kind of fizzled...
@DanJ_LRSFC While im a big advocate of Kinobi, if your looking for a cheaper solution then speak to @andy.mckay at TRAMS about their new packaging service.
I understand its currently included as part of their TRAMScloud solution for their customers but im sure they would be interested in supplying as a standalone service as its listed on the market place.
Another alternative is to speak to @bentoms about JamJAR, as dataJAR offer this as a managed service for customers as well
I'd also ask your software vendors to look at Google/Microsoft for inspiration on how to manage updates for their products via MDM. Google's Keystone app is highly manageable and makes packaging updates to Chrome/File Stream irrelevant, ditto for Office. The more that vendors add these hooks themselves the more everyone benefits although admittedly it's a much longer haul than building your own stuff now.
@bentoms someone from dataJAR reached out to me on LinkedIn and sent some further information about dataJAR's Auto-Update for Jamf, so thanks for that.
@tlarkin while your feature request does make a lot of sense, I'm not sure I understand how it solves the particular problem I'm looking for a solution for?
Google's Keystone app is highly manageable and makes packaging updates to Chrome/File Stream irrelevant
What do you mean by this? Chrome is one of the apps that we need to keep up to date, so I'm interested in hearing about anything that helps us do that.
Recent version of Jamf Pro support JSON schema to define your own custom MDM payloads. That link leads to some JSON I wrote to manage Keystone (and the parent repository is a collection of others contributing schema for other products.)
Add the schema as an 'Applications & Custom Settings' payload with custom schema, paste in the JSON, and define your preferences from there. My particular example documents each preference key using Google's original explanations here