Security updates vs. updates, patch management for OS X and best practices to make it happen


I'm working on patch management as, at the moment, we do everything manually from the Apple Store. I have read several posts, info and articles about patch management, but I am still quite confused.

This is my first time facing 100% of the patch management and OS versions process on Mac. So far I have this high-level overview of it:

1. OS X versions (High Sierra, Sierra, El Capitan...). What is your workflow to make this happen? I was thinking of something like checking once a month via smart groups that all the users have the latest version.

2. OS X updates (I'm quite confused about this, as I am not sure if "updates" and "security updates" are the same in this context). For example, I can make some smart groups and policies to check how many Sierra users have the latest 10.12.6 version and force it for the ones with a previous version. On the other hand, I'm not sure if this guarantees that they will have the latest 2018-002, or if they are totally separate things and I need to manage them in a different way. Any experiences and/or best practices about this? Any tips about the best way to make this happen with Jamf?

3. Third-party software. I think this is quite "easy" as it is a built-in capability in Jamf now. But I'm happy to hear about any best practices.

4. Browser plugins. As they are one of the main doors for security issues, I am thinking about the best way to do that. Any suggestions?

Are any "patch-management" items missing from this list? Happy to hear any suggestions and/or tips about this topic.

Thanks in advance!