Skip to main content

What’s new in patch

In today’s session, Jamf’s Patch Management Product Owner, John Miller, shared details on the product’s growth over the past year and introduced some exciting new features that will help IT admins identify Macs eligible for a software updates, and automatically apply that patch.

He started with an overview of how it works. “Jamf currently monitors 42 software titles that we believe to be the most popular,” Miller said. “These are monitored by Jamf employees, and we publish notifications within 24 hours.” He explained the notifications appear in the Jamf Pro server and are sent through email. The notification includes both the current and old versions.

Miller then jumped into Jamf Pro for a demonstration. He explained that while an old patch report only showed inventory, Jamf Pro Version 10 includes interactive links for each version and a dynamic updating pie chart. He then introduced an even bigger addition – patch policies.

“We made patch policies separate from normal polices, so you can have a tool focused on patching,” said Miller. This new Jamf Pro 10 includes extreme purpose-build policies that give the IT admin the ability to deploy patches to client devices.

Understanding that questions may arise, Miller went on present 8 patch policy pro tips:

  1. The Patch Command: Patch runs using the patch verb in Terminal. That means IT admins can manually troubleshoot patching. The patch command also runs after every policy, so it’s always looking for up-to-date software.
  2. Patch Definitions: The patch report will show all versions, or definitions, of a software title. Not only does this provide a handy way to see previous version, but it lets you link your package to each definition.
  3. Prevent Downgrade: If you don’t want your users downgrading their software, you can prevent your users from downgrading to an older version of the software.
  4. Patch Unknown Versions: If a device reports back a strange software version, it can still be patched automatically. Very handy for some software titles that might report incorrectly.
  5. Notifications and Messaging: Notify end users of anything new that’s available or anything new that will execute soon. Create custom messages for the users and identify what apps they need to close for the patch to occur. Add timers to note the length of the patch.
  6. Multiple Patch Policies: The framework of patch policies allows IT to deploy new patches to a test group first and then roll them out to a big group by creating separate policies. Make one for IT-only, user acceptance training (UAT), and wide distribution.
  7. Distribution Points: Set the distribution of the patch package to the default for each machine that is getting the patch. It will verify if the package exists during the process.
  8. Self Service: Not only can you patch third party software, you can also patch Self Service! Create patch policies to help you roll out the new Self Service in Jamf Pro 10 to your users.

Following these key points, Miller discussed Jamf’s plan for packaging and uploading. “We are working on improving the patch experience by integrating with third party packaging solutions in the future. The framework we have built into Jamf Pro 10 will serve as a strong foundation for future improvements,” Miller commented on the future of patch.

Finally, Miller also talked about adding macOS itself as a software title that will soon be available in the new patch management framework. Since software titles can be added in the background, this will simply show up in everyone’s instance of Jamf Pro once it’s ready.