@dtekum If you have physical, screen share or ssh capability to the computer this may help you.
Have look at this page:
I personally use sudo jamf policy none -verbose often
Would this need to be triggered while working with your user? If so, you could always publish a policy that runs the policy while you're on the phone with them. I would even recommend that you scope the policy to a static group. They call, you add them to the group, you have them launch Self Service (log in, if necessary) and have them run the policy.
That'd be the easiest way I think you'd be able to accomplish this if you're not able to get them on VPN or remote into their machine(s).
@dtekum If I understand the situation and requirements correctly, you would like the ability to force running of policy. I dont believe this can be initiated from the JAMF Pro/JSS interface, however.... I included a Self Service item that a user can run to "check in to JAMF" which then just runs a script to, 1. Runs a jamf recon - which picks up any changes and hence smart group memberships, 2, Runs a jamf policy - forces policy to run. 3. Runs a jamf manage - forces install of the framework - applies any restricted applications. You coud also use JAMF RMT/Jamf REMOTE to target an individual device, or the whole mac fleet (or selective smart group of devices, and run a checkin, which would then force policies to apply remotely.
Your requirements vary a little from the initial requirement, but can be achieved via a JAMF policies, depending on the specific update you are trying to enforce. For security/OS patches - this can be achieved using the JAMF Policy with the payload "Software Updates" - which you can set to forcibly apply IF an update is pending, and a set timer.
For software updates, if you are referring to Applications software updates, this would need to be managed by patch policies, that would trigger on check-in at the end of the policy check -
"Checking for patches...
No patch policies were found."
hope this gives you an idea of way forward...
As mentioned by cgiordano above, we just have a Self Service policy in our maintenance section called "Check for new policies" so the user can run a jamf policy command anytime themselves (normally when the service desk add their device to a deployment group, but the user needs it asap rather than waiting upto a hour for next checkin)
Alternatively there something that need immediate action on to the whole fleet then see if you can use a Config Profile instead of a Policy, as thats as fast as APNs works (i.e near instant)