Patch Policies

Patch policies allow you to perform updates of previously installed third-party macOS software titles. After you have configured a patch management software title, you can create a patch policy to automate the distribution of software updates. (For more information, see Patch Management Software Titles.) You can configure the patch policy to be installed automatically or make the policy available in Self Service for users to run on their computers.

When you create a patch policy, you specify the following information:

  • The version of the software title to deploy

  • Whether to display notifications about the update (in Self Service, or in Self Service and Notification Center)

  • Whether to send users reminders that a software update is available

  • The amount of time to wait after the software title update is available before an update is automatically performed (called "update deadline")

  • The computers for which it should run (called “scope”)

After you create a patch policy, you can view the status and logs for the policy.

Variables for Grace Period Messages

There are several variables that you can use to populate the grace period message displayed to users before a software title is updated.

To use a grace period variable, enter the variable into the Message field on the User Interaction tab when creating a patch policy in Jamf Pro. When the patch policy is run on a computer, the variable is replaced with the value of the corresponding attribute in Jamf Pro.

Variable

Computer Information

$APP_NAMES

Name of the app that must quit before the software title can be updated.

$DELAY_MINUTES

Amount of time to wait before automatically quitting the app that cannot be open when a software title is updated.

$SOFTWARE_TITLE

Software Title Name

Requirements

To create a patch policy, you need a patch management software title version associated with a package. (For more information, see Patch Management Software Titles.)

Creating a Patch Policy

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Patch Management and select the software title for which you want to create a patch policy.

  4. Click the Patch Policies tab.

  5. Click New images/download/thumbnails/17105382/Icon_New_Button.png .

  6. Use the General pane to configure basic settings for the patch policy, including the display name and whether to distribute the policy by installing it automatically or by making it available in Self Service.
    Note: While users can search Self Service for items to install on their computers, patch policies will not be included in the search results.

  7. Click the Scope tab and configure the scope of the patch policy.
    For more information, see Scope.
    Note: For a computer to be eligible to receive a software title update, it must have the software title installed and meet the conditions on the General tab.

  8. (Optional) Click the User Interaction tab to configure the amount of time to wait before quitting apps automatically, and enter messages to display to users.
    In addition, you can customize the text displayed in the description for the policy in Self Service by using Markdown in the Description field (requires Self Service 10.0.0 or later).
    For information about Markdown, see the following Knowledge Base article:
    Using Markdown to Format Text

  9. Click Save.

Viewing the Status of a Patch Policy

For each patch policy, you can view a list that shows the number of computers for which the policy has completed, failed, and is still remaining.

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Patch Management and select the software title for which you want to see the patch policy status.

  4. Click Patch Policies.

Viewing Logs for a Patch Policy

The logs for a patch policy include a list of computers in scope of the policy and the following information for each computer:

  • The date/time that the log was created or updated

  • The status of the patch policy

  • The actions logged for the patch policy

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Patch Management and select the software title for which you want to see the patch policy logs.

  4. Click Patch Policies and select the policy you want to view logs for.

  5. Click Logs.

Further Considerations

When a computer is in scope of multiple patch policies for the same software title, only one policy is run for a specific title based on the following priority:

  • The policy with the latest software title version takes precedence.

  • If multiple policies are associated with the same software title version, the policy with the greater ID number will take precedence.

For example, if a computer is in scope of both of the following, only the policy with "id=3" will run:
https://jss.mycompany.com:8443/patchDeployment.html?softwareTitleId=1&id=3&o=r
https://jss.mycompany.com:8443/patchDeployment.html?softwareTitleId=1&id=2&o=r

Related Information

For related information, see the following sections in this guide:

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.