As I am pressed by our IT leadership to reach the holy grail of "100% complete" in software/OS/patching deployments, I thought I would ask other Mac admins in the trenches as to what you consider a "successful" deployment.
There are many eyes on critical software deployments or updates, and I am trying to find the right language that speaks to a deployment as being "successful" even if it is not 100% of all machines. We have, for example, a cutoff of 90 days since a last check-in, which leaves a fair number of machines in the db until they are considered stale objects and are deleted; there are a good number of machines that do not check in regularly as they may be a loaner laptop that sits unused for some time.
So when I have a deployment that reaches 95% complete, I look at that as successful when you take into account offline machines and maybe a small number that had a failed install for some reason. We follow up on all failed installs so those numbers eventually go down.
So when you are reporting to your leadership, how do you phrase "successful deployment" to them, and what does that look like in numbers?
Thanks for the stream-of-thought random question
When I have a policy I know the "eyes" are watching, I make sure to exclude those machines that have not checked-in within the last 30 days. That way you are getting a truer number of devices that the policy will hit in the short term. In my opinion and luckily my manager/director agree with me, if we hit 90-95% we considerate it a success. This still allows for devices that are having issues for whatever reason. It give you a smaller number of devices that may need to be manually remediated.
I left a company that expected "100%" success rate regardless of any excuses but also refused to allow certain things to help facilitate that - ie daytime changes, protracted change approval, etc. That made patching difficult, routine maintenance difficult, policy deployment difficult. They had things turned up to 11 across the board, regardless of what you were doing if it was deemed "critical" change. Also couldn't force updates that would require a reboot during the day (security patches, etc).
I recently moved to a company with more realistic expectations. "Active" computers are defined as in use within the last 14 days (especially helpful with the Covid/in-the-office issues). A Successful deployment/policy/whatever is defined of 97% installation on the active base within 1 week. After that, the guarantee of being hit by Jamf upon next policy checkin catches all safely. So far, in my few months, I've had a few deployments and not sweated any since that 97% within a week is fairly easy to hit.