Patch Management - Best Practices

DC_72CA
New Contributor II

Hi,

Our company recently onboarded Jamf. I'm looking at best practices, or what others in the community have done, with Patch Management.

It seems we must manually search for and download or create .pkgs of applications > upload the package > select Patch Management Application > Definitions > Add > Create Patch Policy or edit existing patch policy. 

I currently have applications all from the Jamf internal source. But the list of applications is getting longer as I onboard more Mac users. Having to download/create pkgs every month seems quite cumbersome.

What do you do? 

Thanks. 

 

8 REPLIES

sdagley
Esteemed Contributor II

@DC_72CA You should definitely investigate the combination of AutoPkg and AutoPkgr to automate searching for and downloading packages as developers/vendors release updates.

Depending on your org's policies it might not be an option to have packages that are downloaded via AutoPkg automatically uploaded to your JSS, and they'll require verification first. If that's the case for you then you'll find the Suspicious Package and Apparency tools useful for that.

DC_72CA
New Contributor II

Thanks! That will definitely make finding the packages easier.

Samstar777
Contributor II

@DC_72CA I would recommend you review Jamf Pro App Installers, where Jamf is doing all that work for you and you just scope the same on your managed Macs. Here is the quick link on the what and how of Jamf Pro App Installers --> https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/App_Installers.html

sdagley
Esteemed Contributor II

Note that @DC_72CA mentions they're already using the Jamf App catalog ("Jamf internal source"), but it's a small subset of available Mac applications. It is a growing subset however, and one can always create a Feature Request for apps that aren't yet available and see if it gets enough upvotes from other Jamf Pro customers to gain a spot in the catalog.

DC_72CA
New Contributor II

Basically, when we can, we use the Jamf App Catalog or the Mac App Store, but there are applications not in it.

sdagley
Esteemed Contributor II

That's a good approach. Just don't use the Mac App Store versions of the Office apps.

Another option you might check out, if you don't have a requirement that any installer you run must be reviewed before deployment, is Installomator.

DC_72CA
New Contributor II

Oh yeah, when I saw I had to select each one in the Mac App Store and get licenses from the ABM, it was definitely better to use the Mac M365 installer, and it comes with the AutoUpdate as well. Those apps have been updating without a problem. I've realized that some apps weren't automatically patching and found out I had to upload the package since they weren't in the Jamf App Catalog or Mac App Store.

DC_72CA
New Contributor II

As I am onboarding more Macs into Jamf Pro, I notice some apps are not in the Jamf Internal source, so I can't make use of the Jamf Patch Management feature.

Do people just create a policy to update apps not in the Jamf Internal source?

Or do people add an external source? If so, how do you find the hostname, IP, etc.? I've tried googling and it doesn't seem to result in anything useful. Do people just reach out to the respective apps' support teams to see if they are willing to divulge such information?