Managed Patch for Mac

The Managed Patch task uses the Munki client software to automatically deploy verified third-party software updates for supported products from a device. You are able to install the Managed Patch engine, run third-party software updates, and uninstall the Managed Patch engine.

To update the Apple OS version on your devices, see Update OS on Apple devices.
To update App Store purchases on your devices, see Manage App Store purchases.

We manually test and validate each patch in our repository to ensure it successfully installs and does not contain notable bugs. When we approve a patch as production-ready, its approval status changes from testing to production. When you add a Run Managed Patch task, the task defaults to install production patches only.

We update the third-party patch list nightly with the latest software versions and current approval status.

If a vendor releases a critical patch, such as a security fix, the approval status may change to Moved to Production status more quickly to deploy the fix as soon as possible.

Run task on a single device

You can run the Managed Patch or Uninstall Managed Patch task on Mac devices directly from the Tools menu or from the Device Details.

The software will NOT update itself immediately unless the user is logged out. Before running a Managed Patch task, check that the user is not logged in to the system to ensure the Managed Patch task is run successfully.

1. Click Views > All Devices.
2. Click the Tools icon > Task Execution.
   OR
   Click device name > Tools > Task Execution.
3. Next to Repository Item, select Managed Patch (or Uninstall Managed Patch to uninstall).
4. Set the Execution Timeout.
5. Click Run.
   

6. The Managed Patch task will show in the Output on the right, along with the time started, completed, and status (failed, succeeded, etc.).

Run task on multiple devices

You can use Scheduled Tasks in N-central to run the Managed Patch or Uninstall Managed Patch task on Mac devices.

The software will NOT update itself immediately unless all users are logged out. Before running a Managed Patch task, check that no user is logged in to the system to ensure the Managed Patch task is run successfully.

1. At the SO or Customer level, click Configuration > Scheduled Tasks > Add/Delete.
2. Click Add > Mac Scripting.
   
3. Set the Task name.
4. Next to Repository Item, select Managed Patch (or Uninstall Managed Patch to uninstall).
   
5. Click the Targets tab and set the filters/devices.
6. Click the Schedule tab and set the schedule as desired.
7. Click the Notifications tab and set as desired.

8. Click Save.