Jamf Blog
December 13, 2022 by Jesus Vigo

Jamf Patch Management

Patch Management is an important function that allows IT professionals to confidently maintain their environments and keep them secure. And while it’s certainly critical, the unique app lifecycle management workflow is just one component of a broader, comprehensive device management and security solution that only Jamf offers.

Gone are the days of treasure-hunting for software patches. Reclaim lost time with Jamf’s new patch management solution. In this blog, we discuss how App Lifecycle Management allows IT professionals to confidently maintain their environments while keeping them secure.

“What do we mean when we say patch management?” you may be thinking. Essentially, it’s keeping the software in your organization up to date. But given the changes to the modern threat landscape, multiplied by hundreds, possibly even thousands or more, of devices, successfully implementing the process involves many steps and variables that can make it pretty complicated. And the kicker is that you have to repeat the process for every patch. This becomes exponentially more difficult to keep up with when you are performing this process for several update cycles across dozens of titles each month.

The problem with legacy patch management

The process is so tedious, in fact, that some IT administrators have simply slowed down their update cadences or stopped patching altogether. Whether they don’t have enough time or lack the appropriate skills to successfully identify, research, test, deploy and verify patches, the truth of the matter is that many IT admins are using outdated methods (such as manually patching software) to keep endpoints and apps updated.

This can work for a while and is certainly better than not keeping up to date with patches or IT admins simply giving up, which is never a good idea. Sadly, historic patch management is a time-consuming endeavor, and many organizations can easily fall behind on other critical management processes. Other reasons include:

  • Inability to schedule downtime for hardware and software updates
  • Lack of visibility into currently installed applications and devices
  • Unavailability of, or lack of access to, resources, especially when IT admins are busy

There have been modern improvements to the process, such as App Installers in Jamf Pro, that make macOS patch management a breeze, allowing organizations to stay up to date with patches and app updates while helping to fortify the security of your Mac fleet, keep end-users protected and safeguard sensitive data.

The king is dead…long live the king!

Introducing App Lifecycle Management from Jamf.

As mentioned previously, patch management is only one part of the larger solution that Jamf offers. Through App Lifecycle Management (or ALM for short), there are two ways to update patches and apps with Jamf Pro: Patch Policy Workflows and App Installers.

By blending the device management workflows with ALM, Mac admins can upgrade their change management processes, modernizing them to adapt to the modern threat landscape while effectively putting aside legacy patch management concerns, such as:

  • Constantly pulling reports to identify which computers have what versions installed
  • Conducting a scavenger hunt for available patches and application updates by macOS version
  • Figuring out which computers are eligible for each patch and any dependencies required

Jamf does this, and more, for you. Reporting, notifications and policies are all an integral part of ALM. Jamf created a systematic approach to get users the patches they need without the headaches of the past.

Going along with good change management practices, this is also an iterative approach, as Jamf is focused on meeting the most common needs, making the solution as easy to use as possible while blending visibility, analysis, remediation and verification into the overall cyclical process.

What does ALM include?

Three components make up the overarching App Lifecycle Management solution, which modernizes and simplifies your organization’s change management workflows to maximize efficiency and minimize risk from known vulnerabilities.

Jamf App Catalog

A collection of information and services about software titles including a list of 1,000 (and growing) third-party macOS software titles supported in Jamf Pro.

Title Editor

A Jamf-hosted service that extends patch management by providing custom software titles, overriding existing patch definitions and the ability to create custom patch definitions.

App Installers

The curated collection of Jamf-managed, Jamf-provided installer packages that streamline deployment for cloud-based customers. In its effort to continue to revise processes for simplicity and efficacy, Jamf:

  • Sources, validates, hosts and re-packages packages for easy, automated updating
  • Frequently builds and adds to the list of patch and app installers
  • Provides a robust, cloud-based console to deploy updates to any Mac, anywhere — helping IT “work smarter, not harder”

Benefits of an automated App Lifecycle Management workflow

As we pointed out previously, patching macOS software titles is important for organizations to run smoothly and securely. Keeping software up-to-date not only preserves the end-user experience Apple users have come to know and love but often improves it by gaining access to new productivity features that save them time while adding richness to the overall experience of using Mac.

Of course, there are obvious security implications to software, with many updates centering around code improvements, such as bug fixes or resolving security vulnerabilities.

Ultimately, the components that make up ALM within the larger Jamf Pro management solution serve to ease the burden of gathering and deploying patches and application updates across your Mac fleet. Regardless of which model Mac computers your organization relies on or where they’re physically being used — IT administrators can rest assured that:

  • Endpoints are staying protected against the latest known security vulnerabilities
  • Automated tools are deploying the patches and updates that each Mac requires — no matter which version of macOS they’re using or the model version
  • Management policies ensure that endpoints remain in compliance with software requirements
  • Patching levels can be easily monitored using custom Smart Groups, generating detailed reports to verify software compliance levels
  • The Jamf App Catalog’s expanding list of apps simplifies the deployment of third-party software, while Jamf Pro also ties into the Mac App Store for the deployment of managed apps from Apple’s global catalog

We’re really excited for Jamf Pro users to incorporate App Lifecycle Management workflows into their existing change management process to take advantage of all it can do, as well as the additional functionality waiting in the wings. It’s not only a great tool that makes short work of patch and update cycles, but we’re thrilled we’re able to offer it to help keep your environments running smoothly and securely.

Workflow comparison:

Legacy Patch Management

  • This is the (far) more manual process of the two.
  • Jamf Pro collects version history (tells us when an app is outdated).
  • Generate reports to identify which computers have software titles installed and which titles need patching.
  • Jamf Pro will notify admins (through a configuration) of software title update availability.
  • With software titles added to Jamf Pro, an administrator is given full control over the deployment of any required patches through the creation of patch policies, a patch-specific variant of a regular Jamf Pro policy. Admins can distribute patches automatically or make them available for users in Jamf Self Service (with the option to notify users in Notification Center). A decline and grace period can also be added, so that users can install updates at a time of their choosing, rather than one chosen by IT.

App Lifecycle Management

  • Streamlines the ability for IT to provide apps to end users and easily keep them up-to-date while delivering the experience they’ve come to expect.
  • App Installers automatically sources new versions from vendor hosts (e.g., downloads the new version), repackages them (if necessary) and uploads them to the distribution point. Jamf Pro then links the package to the patch definition.
  • Before any app is deployed, it is validated to ensure security. Once verified, apps are deployed automatically to all Macs in the designated Smart Group. This is silent; users take no action.
  • Important apps, features and definitions are constantly being added and revised to provide greater support.

Is your organization still stuck in yesteryear’s manual patch management process?

Why struggle when it could be made much easier? Try out Jamf Pro with App Lifecycle Management to see for yourself how simple it is to modernize patching macOS and apps today.

Jesus Vigo, Sr. Copywriter, Security.