Question

Patch Management - Best Practices



Hi,

Our company recently onboarded Jamf. I'm looking at best practices, or what others in the community have done with Patch Management.

It seems we must manually search for and download or create .pkgs of applications > upload the package > select Patch Management Application > Definitions > Add > Create Patch Policy or edit existing patch policy. 

I currently have applications all from the Jamf internal source. But the list of applications is getting longer as I onboard more Mac users. Having to download/create pkgs every month seems quite cumbersome.

What do you do? 

Thanks. 

 

8 replies

sdagley
  • Jamf Heroes
  • 3540 replies
  • June 28, 2023

@DC_72CA You should definitely investigate the combination of AutoPkg and AutoPkgr to automate searching for and downloading packages as developers/vendors release updates.

Depending on your org's policies it might not be an option to have packages that are downloaded via AutoPkg automatically uploaded to your JSS, and they'll require verification first. If that's the case for you then you'll find the Suspicious Package and Apparency tools useful for that.
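An added example, not part of the original thread and not code from AutoPkg or Jamf: a pre-upload gate for the verification step described above, which parses the report from `pkgutil --check-signature` and rejects packages that are unsigned, not notarized, or signed by a Team ID outside an allowlist. The allowlist, the Team ID and the sample report are constructed placeholders, and the matched status lines are assumed to follow the wording current macOS releases print.

```python
import re
import subprocess

# Constructed allowlist: Team IDs your org has approved (placeholder value).
APPROVED_TEAM_IDS = {"ABCDE12345"}

# Constructed sample of `pkgutil --check-signature` output, so the
# parsing logic can be exercised offline on any platform.
SAMPLE_OUTPUT = '''Package "Example-1.2.3.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Notarization: trusted by the Apple notary service
   Signed with a trusted timestamp on: 2023-06-20 10:15:00 +0000
   Certificate Chain:
    1. Developer ID Installer: Example Corp (ABCDE12345)
       Expires: 2027-02-01 22:12:15 +0000
    2. Developer ID Certification Authority
    3. Apple Root CA
'''

# Leaf certificate line: the Team ID is the 10-character value in parentheses.
LEAF_RE = re.compile(
    r"^\s*1\.\s+Developer ID Installer: .*\(([A-Z0-9]{10})\)\s*$", re.M)

def evaluate(output, approved=APPROVED_TEAM_IDS):
    """Return (ok, reasons) for one package's signature report."""
    reasons = []
    if "Status: signed by a developer certificate" not in output:
        reasons.append("not signed with a Developer ID certificate")
    if "Notarization: trusted by the Apple notary service" not in output:
        reasons.append("not notarized")
    leaf = LEAF_RE.search(output)
    if not leaf:
        reasons.append("no Developer ID Installer leaf certificate found")
    elif leaf.group(1) not in approved:
        reasons.append(f"Team ID {leaf.group(1)} is not on the allowlist")
    return (not reasons, reasons)

def check_pkg(path):
    """Run pkgutil against a real package (macOS only) and evaluate it."""
    proc = subprocess.run(["pkgutil", "--check-signature", path],
                          capture_output=True, text=True)
    return evaluate(proc.stdout)

if __name__ == "__main__":
    print(evaluate(SAMPLE_OUTPUT))
```

A signature check only confirms who built the package; the contents and scripts still need the manual review that Suspicious Package and Apparency support.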


Samstar777
  • Valued Contributor
  • 134 replies
  • June 29, 2023

@DC_72CA I would recommend you review Jamf Pro App Installers, where Jamf is doing all that work for you and you just scope the same on your managed Macs. Here is the quick link on the what and how of Jamf Pro App Installers --> https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/App_Installers.html


sdagley
  • Jamf Heroes
  • 3540 replies
  • June 29, 2023
Samstar777 wrote:

@DC_72CA I would recommend you review Jamf Pro App Installers, where Jamf is doing all that work for you and you just scope the same on your managed Macs. Here is the quick link on the what and how of Jamf Pro App Installers --> https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/App_Installers.html


Note that @DC_72CA mentions they're already using the Jamf App catalog ("Jamf internal source"), but it's a small subset of available Mac applications. It is a growing subset however, and one can always create a Feature Request for apps that aren't yet available and see if it gets enough upvotes from other Jamf Pro customers to gain a spot in the catalog.


  • Author
  • New Contributor
  • 8 replies
  • June 29, 2023
sdagley wrote:

@DC_72CA You should definitely investigate the combination of AutoPkg and AutoPkgr to automate searching for and downloading packages as developers/vendors release updates.

Depending on your org's policies it might not be an option to have packages that are downloaded via AutoPkg automatically uploaded to your JSS, and they'll require verification first. If that's the case for you then you'll find the Suspicious Package and Apparency tools useful for that.


Thanks! That will definitely make finding the packages easier.


  • Author
  • New Contributor
  • 8 replies
  • June 29, 2023
sdagley wrote:

Note that @DC_72CA mentions they're already using the Jamf App catalog ("Jamf internal source"), but it's a small subset of available Mac applications. It is a growing subset however, and one can always create a Feature Request for apps that aren't yet available and see if it gets enough upvotes from other Jamf Pro customers to gain a spot in the catalog.


Basically, when we can, we use the Jamf App Catalog or the Mac App Store, but there are applications not in them.


sdagley
  • Jamf Heroes
  • 3540 replies
  • June 29, 2023
DC_72CA wrote:

Basically, when we can, we use the Jamf App Catalog or the Mac App Store, but there are applications not in them.


That's a good approach. Just don't use the Mac App Store versions of the Office apps.

Another option you might check out, if you don't have a requirement that any installer you run must be reviewed before deployment, is Installomator.


  • Author
  • New Contributor
  • 8 replies
  • June 29, 2023
sdagley wrote:

That's a good approach. Just don't use the Mac App Store versions of the Office apps.

Another option you might check out, if you don't have a requirement that any installer you run must be reviewed before deployment, is Installomator.


Oh yeah, when I saw I had to select each one in the Mac App Store and get licenses from the ABM, it was definitely better to use the Mac M365 installer, and it comes with AutoUpdate as well. Those apps have been updating without a problem. I've realized that some apps weren't automatically patching and found out I had to upload the package since they weren't in the Jamf App Catalog or Mac App Store.


  • Author
  • New Contributor
  • 8 replies
  • August 2, 2023

As I am onboarding more Macs into Jamf Pro, I notice some apps are not in the Jamf Internal source, so I can't make use of the Jamf Patch Management feature.

Do people just create a policy to update apps not in the Jamf Internal source?

Or do people add an external source? If so, how do you find the hostname, IP, etc.? I've tried googling and it doesn't seem to result in anything useful. Do people just reach out to the respective apps' support teams to see if they are willing to divulge such information?

