Help

what are the best practices for Mac Apps (Jamf App Catalog) and keeping them updated?

Go to solution
TheCrusher4Real
New Contributor III

Posted on ‎12-19-2023 03:24 PM

I’m new to Jamf development and have been learning a bit from our senior Jamf developer, who said one of our biggest complaints from end users was not knowing when an application had finished updating because it would never relaunch.

So that’s what I set out to explore. My goal was to create and deploy a browser package that would automatically relaunch the browser post-update.

Someone on the forums suggested using Jamf Pro > Computers > Content Management > Mac Apps > Jamf App Catalog, since there I would have the ability to select the option “Automatically open app after update.”

Should mention here that this is different from the Packaging process we are using, which can be described as:

  • Create a new Package when a new version of an app becomes available
  • Update the existing Patch Management policy to reflect the new version of the app
  • Deploy to whatever groups we’ve scoped in the Patch Management policy

For my test:

I created a Smart Group that contains just one of my test Macs.

Next I created the Mac App for the browser (using the Brave browser for my testing). As previously noted, I checked the box to automatically open the app after an update. Set the app to appear in Self Service.

Then I installed it. Think that was version 119. There have been at least a couple updates since then but the browser hasn’t updated to  newer version.

So my questions: what happens now? How do I keep the app updated?

I’m not clear on how “Mac Apps” are different from “Packages”.  

Do I still need to continue to download each new version of Brave as it becomes available, and then update whatever Patch Management policy I have defined for that app?

Is there any documentation for Mac Apps, especially anything that illustrates how they different from creating Packages and using Patch Management policies to keep the apps updated?

Thanks.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Nicholaus
Contributor

Posted on ‎12-20-2023 12:34 AM

Hi again!

So, here's the way it works with the Jamf App Catalog:

You have 2 options: "Install automatically" or "Make available in Self Service". Both options automatically pull the latest version from the developer, but they differ on how those updates are handled.

"Install automatically" accomplishes the automatic updates without user interaction, but it doesn't give the user the choice on whether or not they want the app in the first place if they are in scope.

"Make available in Self Service" gives the user the choice for initial install and makes the newest version always available for download from Self Service upon release but will not automatically install it. It requires that the user go into Self Service to install the updates.

Here's a way you can make initial installation a choice AND get the automatic updates:

1. Create a Patch Policy for the app that you want to deploy. You don't need to do anything with this after creation.
2. Create a Smart Computer Group with the criteria "Patch Reporting Software Title" (in the show advanced menu) > select the app that you created the patch policy for. Then you want the operator to be "Is Not" and the value "Latest Version".
3. (You can skip this step because you already have it setup) Create a Jamf App Catalog item for the app you want to deploy and set the Initial Distribution Method to "Make available in Self Service". Scope this to whatever group you want to give the option of installing the app without making it mandatory.
4. Create another Jamf App Catalog item for the same app, but this time set the Distribution Method to "Install automatically". Check the option "Automatically open app after update" in the User Experience tab. Scope this to the Smart Computer Group that you made in the previous steps. This will ensure that the latest update is always automatically installed, but only for devices that have the app installed in the first place. The user will get a notification (every 8 hours by default if I remember correctly) that an update is available and to quit the app to install it. You can change the interval at which they get this notification with the "Custom notification frequency" setting in the User Experience tab. You can also help this process along by setting "Enable update deadline" in the User Experience tab and setting the number of days they will get this notification before it will force quit the application and install the update.

View solution in original post

5 REPLIES 5

Go to solution
Nicholaus
Contributor

Posted on ‎12-20-2023 12:34 AM

Hi again!

So, here's the way it works with the Jamf App Catalog:

You have 2 options: "Install automatically" or "Make available in Self Service". Both options automatically pull the latest version from the developer, but they differ on how those updates are handled.

"Install automatically" accomplishes the automatic updates without user interaction, but it doesn't give the user the choice on whether or not they want the app in the first place if they are in scope.

"Make available in Self Service" gives the user the choice for initial install and makes the newest version always available for download from Self Service upon release but will not automatically install it. It requires that the user go into Self Service to install the updates.

Here's a way you can make initial installation a choice AND get the automatic updates:

1. Create a Patch Policy for the app that you want to deploy. You don't need to do anything with this after creation.
2. Create a Smart Computer Group with the criteria "Patch Reporting Software Title" (in the show advanced menu) > select the app that you created the patch policy for. Then you want the operator to be "Is Not" and the value "Latest Version".
3. (You can skip this step because you already have it setup) Create a Jamf App Catalog item for the app you want to deploy and set the Initial Distribution Method to "Make available in Self Service". Scope this to whatever group you want to give the option of installing the app without making it mandatory.
4. Create another Jamf App Catalog item for the same app, but this time set the Distribution Method to "Install automatically". Check the option "Automatically open app after update" in the User Experience tab. Scope this to the Smart Computer Group that you made in the previous steps. This will ensure that the latest update is always automatically installed, but only for devices that have the app installed in the first place. The user will get a notification (every 8 hours by default if I remember correctly) that an update is available and to quit the app to install it. You can change the interval at which they get this notification with the "Custom notification frequency" setting in the User Experience tab. You can also help this process along by setting "Enable update deadline" in the User Experience tab and setting the number of days they will get this notification before it will force quit the application and install the update.

Go to solution
TheCrusher4Real
New Contributor III
In response to Nicholaus

Posted on ‎01-01-2024 12:29 PM

Thanks a ton for taking the time to write your detailed response, Nicholaus. Really helpful and much appreciated. 

I have a question. I created two Jamf App Catalog items as you outlined: one that's for the initial install of the app (I'm testing with the Brave browser) that will appear in Self Service, and then one that will be for updates to the application.

The updates one seems to be working as intended, but in Jamf, the app that is just for the initial Self Service install says "Unavailable" under the "Deployment Status" heading and I'm not sure why. 

0 Kudos

Go to solution
Nicholaus
Contributor
In response to TheCrusher4Real

Posted on ‎01-02-2024 09:34 AM

Has the Self Service version of the Jamf App Catalog item been used yet?

Also check that the group you scoped the Self Service version to has devices in it. I just added a new app for Self Service deployment and verified that it says unavailable when there is nothing in the scoped group. I'm not sure this was a coincidence, but it also changed from unavailable once I loaded Self Service on the target computer and saw that the app was available.

It also still shows as unavailable from the main Jamf App Catalog page, but if I click into the app record and click into the Deployment status tab it shows up properly. It seems that there are some visual bugs when it comes to the Jamf App Catalog stuff.

0 Kudos

Go to solution
JustinC
Contributor II
Contributor II
In response to TheCrusher4Real

Posted on ‎01-04-2024 07:43 PM

@TheCrusher4Real  the "Unavailable" status in the summary view page is because you have a deployment published via Self Service that has not yet been installed. The "Unavailable" isn't referring to the app being unavailable, it is referring to the deployment status report being unavailable as there are no installations as yet. As soon as even one installation has occurred, a report will be shown. We understand that this terminology is confusing and we will be changing it in a future Jamf Pro release.

Go to solution
TheCrusher4Real
New Contributor III

Posted on ‎12-27-2023 02:38 PM

Thanks a ton for taking the time to write your detailed response, Nicholaus. Really helpful and much appreciated. 

I have a question. I created two Jamf App Catalog items as you outlined: one that's for the initial install of the app (I'm testing with the Brave browser) that will appear in Self Service, and then one that will be for updates to the application.

The updates one seems to be working as intended, but in Jamf, the app that is just for the initial Self Service install says "Unavailable" under the "Deployment Status" heading and I'm not sure why. 

 

0 Kudos