Jamf Pro Patch Feed Updates

michael_devins
Contributor II

Today, we launched enhanced versions of many of our existing patch management titles with more granular breakdowns and definitions to make app reporting and patch workflows more flexible. This is especially valuable for customers who aren’t always adopting the very latest version of an app or series. 

As was noted in the Jamf Pro 10.27 release notes, some of the existing titles have been marked as deprecated following this first round of upgrades. This deprecation label may cause an alarming round of email alerts for customers subscribing to title changes - don't panic! All deprecated titles will continue to receive full version updates for the foreseeable future in parallel with the newly released titles, so no existing patch workflows should be impacted.

We recommend that any customer adding a new title select the non-deprecated variants to minimize any future migration steps. We will provide guidance alongside a future Jamf Pro release for any necessary migration steps that may occur to help all customers move off of the deprecated versions of these titles prior to any end of support.

Over the coming weeks and months, you can expect to see even more titles added to the Jamf Pro patch feed. You can monitor the new resource page to keep track of the latest titles available from Jamf.

40 REPLIES 40

joshsw
New Contributor II

f852758d2c4642af8ab12a7d24408226
(Deprecated) also shows up in Patch Management notifications in Self Service notifications. This is confusing end users.

1ee9e020d54347dfa616bdd667056255

michael_devins
Contributor II

Thanks for the feedback @joshsw. We're looking into what we can do here to minimize end user confusion.

mtc_dkirsching
New Contributor

Hi.

Seems to be have a problem on Adobe Creative Cloud Patch.

Last version on Definitions is 5.3.5.518 but latest version selected is 5.3.2.471.

Thanks.
ec90b20a143147eaa328a311f437363d

5738a3b8d962429cbd4fc5532eb17562

ckulesza
New Contributor III

I have a ticket in as most of my Patch Management titles are not even updating anymore or even scoping... This update so far is terrible

barnesaw
Contributor III

For the less literate, including (apparently) the JAMFers among us, this "deprecation" is premature according you your own 10.27.0 release notes:

Patch management software titles—The Jamf patch management software titles will be updated in a future release. Some existing software titles will be marked as deprecated and replaced with updated software titles. Deprecated titles will continue to be updated as new versions become available; no action is required at this time. More information will be made available soon.

But hey, who cares about being honest and accurate?

michael_devins
Contributor II

@barnesaw This is a fair criticism. The patch feed is maintained and updated separately from the Jamf Pro code base but I totally appreciate how this reads like it'll change as part of a Jamf Pro release. Our goal was to provide advanced notice of this planned change so we decided to publish this in Jamf Pro release notes, which are generally one of the most visible and standard ways to communicate this kind of information to admins.

davidi4
New Contributor III

Nothing in the Jamf console showed anything about “deprecated” but sure enough I got a notification on my Mac’s Self Service reporting Slack was deprecated.

Need more heads up from Jamf - this and the Self Service bugs go straight to the end user experience

michael_devins
Contributor II

@davidi4 Thanks for the feedback. Once a title is added to Patch Management, the display name is admin-defined and won't update with a (deprecated) label. Unfortunately, the end user alert is still actually pulling from the raw patch feed. We are working on a solution to ensure this doesn't appear for end users. I'll share more once we have an update on this change.

tomt
Valued Contributor

Why are Patch and Code Base engineers not working together on something that is truly end-user facing (and not just Admin facing)? This screams that Jamf is becoming nothing but Silos with no upper management that has actual engineering experience.

sam_clark
New Contributor III

Not ideal for some larger scale or particular situations, but I have found it best before Jamf is able to implement a solution for the depreciated title on the user-end to simply recreate the title and assign definitions as new title versions are updated. Re-associating packages to definitions from a certain historical point forward has been a viable workaround to weed out the old and start with the new.

llitz123
Contributor II

So to be clear, can we remove the deprecated ones and re-add with non deprecated ones or are we just sitting with "(deprecated)" in the title until JAMF tells us differently?
Thanks.

joshsw
New Contributor II

Since this change was pushed out without an update to the JSS why not revert the change on your end until it's fixed? Then push it out. Seems a bit shortsighted to allow the negative experience to continue while you troubleshoot your end.

michael_devins
Contributor II

Thanks to everyone for the feedback about the end user confusion that the deprecated labels are causing. I want to let you know that we are preparing an update to the patch feed that will change the way we denote which titles are deprecated. This will return to the previous end user experience you are familiar with.

In order to revert the software title names, we will need to trigger a patch title refresh, which will initiate another round of email notifications for admins watching these titles. While this extra email is not ideal, we want to act quickly to resolve the end user confusion that the deprecated label has created. We plan to complete the change this week and I will share more details about the exact timeline once the fix is tested and scheduled for release.

michael_devins
Contributor II

Good question, @llitz123. You can definitely remove any deprecated titles and adopt the new version of that title today.

lbm5
New Contributor III

The new OneDrive patch title requires yet another Extension Attribute (the deprecated one did not). We really hope more titles don’t add on to our growing list of Extension Attributes.

Just_Jack
Contributor

Are all these changes to get ready for Kinobi 2.0 (Or, what ever the new name is going to be) of Patch Management?
And will the new Patch Management/Kinobi still be free or will become a pay service?

michael_devins
Contributor II

Update: Starting later today, we plan to roll out a change to the way that deprecated titles are displayed in the patch feed:

  • We will be removing (deprecated) from the software title name. This will ensure that end users are not confused by any new language in Self Service or other notification workflows.

  • We will be adding a (legacy definition) description to the publisher column to indicate which titles are deprecated. This will allow you to see which titles are deprecated when adding new definitions. We are using the new term so nobody interprets the vendor as being deprecated. Additionally, this (legacy definition) label should flow through to patch titles that have already been added to Jamf Pro so you can tell which items are based upon a deprecated definition.

  • In order to ensure that we quickly remove the (deprecated) language from user-facing workflows, we will be forcing a refresh of these definitions. Be aware that this will trigger an email notification if you are watching the title. This will be a rolling change over a few hours to ensure we don't spike traffic to the patch infrastructure.

I will post another update once the titles have all been refreshed.

jrippy
Contributor II

While I agree about communication and the need to be a bit better (really, what organization doesn't suffer from communication issues?), I am very happy with the first look at the updates! There are lots of changes that affected my organization that I am glad to see implemented, so thank you @michael.devins for the work that was put into this.

rcorbin
Contributor II

The one for OneDrive also shows an error in the extension attribute.

areimer
New Contributor

We are successfully seeing the new "(legacy definition)" listed when we go to add a new title, but Patch titles that we have already created don't have any information "flowing through" that tell us whether the definition is Legacy or new (unless perhaps we are only using the newer definitions). Where should we be looking in existing Patch titles for this info?

ThomM
New Contributor II

I'm seeing it in the Publisher column (the second column) but so far of the titles I'm using, only for Chrome. Imagine it'll be a bit until they're all updated. What I'm antsy for is the method to migrate from the deprecated titles to the new ones rather than having to rebuild them all by hand.
96dbe868fa934154affbf25c6591f91e

duncan_mccracke
New Contributor II

@lbr, The version information gathered by default Jamf inventory data is not quite granular enough to detect all releases of OneDrive, this is why the EA has been added to the new definition. There will be additional EAs for some new products being added, as this is required for accurate and up-to-date version information.

duncan_mccracke
New Contributor II

Hi @rcorbin, if a patch definition contains an Extension Attribute, its default behaviour on import is to show an error, until the terms are accepted by an administrator.

wildfrog
Contributor II

Is there a timetable for the transition? How much longer should we expect to get notified of patch title versions we’ve already deployed?

robertliebsch
Contributor

@duncan.mccracken "if a patch definition contains an Extension Attribute, its default behaviour on import is to show an error, until the terms are accepted by an administrator."

Where is this acceptance possible?

michael_devins
Contributor II

Update: the naming refresh of deprecated patch definitions should now be complete. As a recap:

  • Deprecated titles will now show a (legacy definition) label in the publisher column. This will also appear in any existing software title you’ve previously added in Jamf Pro to easily identify which objects are based upon a deprecated title.

  • End users should no longer see a (deprecated) label in Self Service or other notifications.

  • We will continue to maintain version updates for both new and legacy software titles for the foreseeable future until we have more details on migrating off of the deprecated titles.

Thanks for everyone’s feedback and understanding as we worked to make this right for you and your end users. We’re excited to bring more new titles to you in the near future so stay tuned for more updates.

wildfrog
Contributor II

Thanks @michael.devins for the update. So that I can calibrate my expectations. . .if I'm currently using what are now considered "legacy definitions" will they be converted/migrated/transitioned on the JSS end? Or will the JSS admin be expected to delete their "legacy definitions" and recreate them with the new/current definitions?

duncan_mccracke
New Contributor II

@robertliebsch, it is somewhat counter-intuitive, but the process (once the initial import is done) is as follows:
- Click the "Extension Attributes" tab, which has "1 Error".
- Review the script contents.
- Click the "Edit" icon / button in the bottom-right corner of the window.
- Click the "Accept" button which appears below the descriptive text about Inventory data.
- Check the "I have reviewed the script and accept use of this extension attribute." checkbox in the "Accept this Extension Attribute" modal.
- Click the "OK" button in the "Accept this Extension Attribute" modal.
- Click the "Save" icon / button in the bottom-right corner of the window.
The error should disappear, and the Extension Attribute will begin gathering inventory data as machines update their inventory.

wildfrog
Contributor II

@duncan.mccracken That sounds quite a lot like how Jamf's definition for Firefox has been handled for quite some time.

UESCDurandal
Contributor II

I see that the simple "macOS" option is marked as legacy/deprecated, replaced by individual components for each major version.

I for one find the macOS option very useful as a way to quickly see the status of the whole fleet on one screen. Any chance you'd consider keeping it? I can't imagine anyone's using the Patch Management feature to actually install macOS updates, especially considering that it looks like Apple's no longer providing update package files.

a_simmons
Contributor II

Why has this update been released randomly instead of with a JSS update?

davidhiggs
Contributor III

Probably due to a bug in Jamf Pro - Don't go adding both new and deprecated patch titles for the same software (eg. Firefox) and expect to use them both in Smart Group scoping. Smart Groups can see and add both patch reporting titles as individual criteria items, even browse the different version numbers in each patch reporting title, but when saving the Smart Group, it will only be able to query one.

If you use patch reporting title definitions in your smart group criteria, think about migrating away from the deprecated title first.

sheltond3
New Contributor III

I'm curious what this change is leading up to down the road. Since the acquisition of Kinobi, our team has been very worried what will be happening with the patch management solution. As it turns out, this current change did not really affect my team as almost all of our definitions are being imported from our Kinobi server instead of using Jamf's built in ones (we found those to be lacking at the time of decision making), but it does have me wonder what the next steps are.

Is there any kind of roadmap or anything that can be shared with the general community that can let us admins know what we can expect to happen with patch management, or maybe just the goals of Jamf as to what they want patch management as a feature set to be down the line?

taugust_ric
New Contributor III

Yes - I agree with @UESCDurandal - there should be a "macOS" that encompasses all versions of macOS so we have that option. The same goes for the Adobe Creative Cloud apps and Microsoft Office apps. Being able to track them both in the current release for patches and over historical timelines are important. I've gotten pretty creative with the legacy patch management policies with pushing out updates of new versions - especially since patch management policies have some special, magical, powers that standard policies do not without going through a lot of extra effort and customization.

user-wORmBMOdlT
New Contributor

As it turns out, this current change did not really affect my team as almost all of our definitions are being imported from our Kinobi server instead of using Jamf's built in ones (we found those to be lacking at the time of decision making), but it does have me wonder what the next steps are.

Oursainsburys

nateee
New Contributor II

I also agree with @UESCDurandal & @taugust_ric in regards to having an all-encompassing macOS item in patch management. The decision to make this a legacy definition doesn't make much sense. I want to be able to see my entire fleet's OS versions in one place, not have to jump between individual OS components to see everything.

JustinC
New Contributor II

@UESCDurandal @taugust_ric @nateee , we have taken on the feedback and have made the decision to keep maintaining the combined macOS patch definition alongside our newer separated, version specific macOS definitions. That way customers can choose which option best suits their requirements.

ianatkinson
New Contributor III

I haven't set up any new definitions yet so all mine say 'legacy' at the moment, are these going to be converted to new ones at some point (I'm already on 10.28)? I surely don't need to delete Chrome to then set up Chrome etc. across them all?

howie_isaacks
Valued Contributor

@ianatkinson I removed and re-added all of my patches to remove the legacy ones. I believe that was necessary. I didn't like that my users saw the (Deprecated) message next to the patch. There was no need for Jamf to make this visible to the users 🤬