Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Security updates VS updates, patch management for OS X and best practises practices to make it happen


I'm working with the patch management as at the moment, we do everything manually from Apple Store. I have read several posts, info an articles about patch management, but I am still quite confused.

First time facing 100% of the patch management and OS versions process in Mac, so far I have this high-level overview of it:

1. OS X versions (High Sierra, Sierra, EL Capitan...) Which is your workflow to make this happen? I was thinking of something like to check once a month via smart groups that all the users have the last version.

2. OS X updates (I'm quite confused about this, as I am not sure if "updates" and "security updates" are the same in this context) For example, I can make some smart groups and policies to check how many Sierra users have the last 10.12.6 version and force it for the ones with a previous version. On the other hand, not sure if this guarantees that they will have the last 2018-002 or if they are totally separated things and I need to manage them in a different way. Any experiences and/or best practises about this? Any tips about the best way to make this happen with Jamf?

3. Third party software. I think this is quite "easy" as it is a built-in capability in Jamf, now. But happy to listen about any best practises.

4. Browser plugins. As they are one of the main doors for security issues, I am thinking in the best way to do that. Any suggestions?

Do you miss any "patch-management" items in this list? Happy to hear any suggestions and/or tips about this topic.

Thanks in advance!

Like Comment