Only running a policy when application is NOT open.

One approach would be to set up 2 policies. The main policy, scoped to your Macs based on a Smart Group for Zoom or some other method, would simply run a script to determine if Zoom is running or not. In the script, if Zoom is active for the current user, simply note it in the log output and exit. Have the policy run on each check in using an Ongoing frequency, again, based on a Smart Group or some other criteria for the scope. Each time it runs it first runs the script. If/when it sees that Zoom is closed, the script can call the 2nd policy, which would be the actual install or update policy (I assume it's an update policy, right?) That second policy can be triggered by a custom event call, for example in the script it might look something like:

/usr/local/bin/jamf policy -event updateZoom

Where updateZoom would be the manual trigger assigned to policy 2, which does the update. Scoping for policy 2 will also be important. If you only have that called by it's custom trigger and no other way, it's generally safe to set it to all managed Macs, and also to Ongoing frequency.

The one key thing you need to be sure about is to update inventory at the end of the second policy or do something that would cause the Mac to fall out of the Smart Group that policy 1 is using for scope. This prevents the first policy from running over and over after it already achieved it's goal.

Does that all make sense?

@mm2270 Thanks for responding! Can't believe it took me this long to find my way back!

So yah, I figured it would require at least 2 policies, but my blocker is getting the script right in policy 1 that would check to see if Zoom is running or not. Seems like what I have just deletes the Zoom app which is obviously not correct! lol

But yah having a Smart Group to see if a user has Zoom [or whatever app] running and then either stopping there [if it is running] or then triggering Policy 2 [update policy] would be ideal [for almost all update scenarios].