How Do You Track OS Update Compliance? Especially Security Updates?

toconnor
New Contributor II

Curious what most folks are doing to track this for their compliance departments.

2 REPLIES

saul_herman
New Contributor II

I generally use a Smart Group that uses the build number to keep track of security/system updates.

Every now and then there's an update that doesn't increment the build number, in which case I usually use an extension attribute to track whatever details do change (Safari version, Open Directory version, etc.)
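An added example, not part of the reply above or of any Jamf tooling: one way to turn a build number into a compliance value for an extension attribute or Smart Group. It parses the build numerically, because a plain string comparison ranks 16G1212 before 16G29. The function names, hostnames, sample builds and the minimum build are all constructed for illustration.

```shell
#!/bin/sh
# Added example: numeric comparison of macOS build numbers (e.g. 16G29).
# Format assumed: <major digits><letter><minor digits>[optional lowercase suffix].

# Print "major letter minor" for a build string; non-zero status if it does not parse.
parse_build() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9]\{1,\}\)\([A-Z]\)\([0-9]\{1,\}\)[a-z]\{0,1\}$/\1 \2 \3/p' |
        grep .
}

# 0: build $1 is at or above minimum $2; 1: below it;
# 2: not comparable (unparseable, or a different major OS line that needs its own minimum).
build_ge() {
    have=$(parse_build "$1") || return 2
    min=$(parse_build "$2") || return 2
    set -- $have $min                  # $1-$3 = installed, $4-$6 = minimum
    [ "$1" -eq "$4" ] || return 2
    if [ "$2" != "$5" ]; then          # release letter differs: compare letters
        expr "$2" \> "$5" >/dev/null && return 0
        return 1
    fi
    [ "$3" -ge "$6" ]                  # numeric compare, so 1212 ranks above 29
}

# Print "<host> compliant|outdated|needs-review" for host $1, build $2, minimum $3.
classify() {
    rc=0
    build_ge "$2" "$3" || rc=$?
    case $rc in
        0) echo "$1 compliant" ;;
        1) echo "$1 outdated" ;;
        *) echo "$1 needs-review" ;;
    esac
}

# Constructed sample inventory (hostname build); not real data.
MIN_BUILD="16G1212"                    # assumed minimum build for this example
for entry in "mac-01 16G29" "mac-02 16G1212" "mac-03 17C205" "mac-04 garbage"; do
    set -- $entry
    classify "$1" "$2" "$MIN_BUILD"
done
```

On a managed Mac the installed build comes from `sw_vers -buildVersion`, and a Jamf extension attribute script reports its value by printing it inside `<result></result>`.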

KSchroeder
Contributor

I was wondering the same thing today... Patch Management in 10.0 is nice, but it really only lets you manage minor build updates (i.e. if the machine is 10.12.4, install the 10.12.6 combo updater). But, no good way to report on which machines have 2018-001 Supplemental Update for example for Spectre/Meltdown. This is a real disappointment.
@saul.herman what is your source for tracking this based on build #?
Really I expect Jamf to do this for us; we shouldn't have to manually track build versions and build smart groups for this. Needs to have a dashboard similar to Patch Management functionality!