Skip to main content

Getting all the apps to devices: When and how we use patch, AutoPkg and VPP together

Navigating options within the IT world can be confusing. Jamf has Patch Management. The open-source community has Autopkg and Autopkgr, and Apple has the Volume Purchase Program (VPP). So which one(s) should you use? In today’s session, Ben Toms, a technical director at U.K.-based Jamf MSP and Integrator, dataJAR Ltd, provided clarity.

Toms started with a look at VPP, where he shared information about the program, including the ability to receive automatic app updates to App Store apps.

Toms then explained the process, starting with showing the steps from the recipe he built for The MUT – a tool he highly recommends.

“It’s magical, but the experience can sometimes be so-so”. Especially if you know you’ll need to re-provision the device for a new user or purpose (wiping the machine and starting again).

Also, if you’re using the app and an update happens, the user gets a prompt to update. Updates can get stuck, especially if the user closes their MacBook and updates back up. Be mindful. Look at when your inventory is happening. Pop-ups demanding admin passwords are not a great experience for a non-admin user.

Toms called out some great advice he heard from Nic Chetham, Jamf Field Services Engineer: Just remember: top down, left to right while looking through the JSS. This will stop you missing any important commands. This applies to Jamf Pro users at all levels.

Moving on to look at automation. “With malware becoming more prevalent on macOS, it’s important we, as admins, bring in automation to validate software before we deploy,” Toms said. He suggested updating little and often – an easy way to keep devices more secure. He dove into the details of a few options: AutoPkg/AutoPkgr; VPP; and Patch.

He began by explaining, “AutoPkg consists of various scripts that perform the steps mentioned in the wiki, but if you’re somewhat command line averse, there is AutoPkgr. That’s a GUI for AutoPkg.”

“It’s not all smoke and mirrors”

While walking through the steps in detail, he explained, “AutoPkg encourages the use of recipes created and shared by others. You can leverage the hard work done by other admins without having to re-invent the wheel yourself. You can add repos of other people’s recipes using the AutoPkg repo-add command.”

Some useful links for everyone wanting to learn more:

https://github.com/autopkg/autopkg
https://github.com/lindegroup/autopkgr
https://github.com/homebysix/auto-update-magic
https://github.com/dataJAR/jamJAR

Toms then discussed choices. He suggested users consider the following questions when evaluating which option is best for their environment:

  • Is the title only available in the App Store?
  • Is the title not available from the App Store?
  • Does the title offer in-app purchases?
  • Is maintaining versions important?
  • Are there annoying update nags?

For the third method, Toms introduced John Miller, Senior Manager, Product Owners at Jamf, to talk about the new packaging and uploading tools within the updated patch functionality coming in Jamf Pro 10.

Touching on the “Jamf and…” we know there are plenty of amazing tools already on the open-source market, referencing today’s announcement of the Jamf Marketplace: A place to find all the best open-source tools on the market that interact with Jamf Pro.

After a lively Q&A, the audience were ready to learn more about Patch Management, and John Miller’s “What’s new in Patch” session on Thursday looks like it will be very popular.