moofPatch from Moof IT โ Automatic Third-Party Application Patching for Macs
moofPatch is an automated solution that enforces updates for 3rd party applications on macOS. The service leverages the built-in capabilities of Jamf Pro, adding enforcement of updates for security compliance, whilst minimising user disruption via deferral options, smart logic for meeting room apps and clear feedback to the user when patching occurs.
All updates and Jamf related config are maintained by Moof IT, following a strict testing and release process that minimises the risk of disruption.
Patching process
The following process is either 14 or 28 days in duration, depending on your chosen patch cycle:
-
On day 1 of the patching cycle, Moof will add available updates for all agreed applications to your Jamf Pro server
-
On day 2, your pilot users will start to receive notifications that updates are available, including the date at which they will be enforced, if they choose to defer them
-
On the agreed enforcement date, pilot users will have any available app updates enforced
-
The following day, all remaining users will start to receive notifications that updates are available
-
On the final enforcement day, all remaining users (that havenโt chosen to run them already), will have the updates enforced on their Macs
Key features
Enforced app updates
All apps included in your moofPatch config are subject to enforced updates on the organisation Macs, ensuring the devices stay up to date with bug fixes and compliant with security accreditations.
Pilot and standard user phased rollout approach
Update rollouts are phased with pilot users first, followed by your main Mac user group. This helps to ensure any more subtle bugs in specific app updates are detected before being deployed to all users.
14 or 28 day patching schedules
Your organisation has the option of enforcing either a 28-day or 14-day patching cycle, allowing you to adhere to any security accreditations that require a stricter patching frequency such as Cyber Essentials +.
Ad-hoc critical patch enforcement
In cases where a critical app update is identified, moofPatch allows the addition of ad-hoc updates being flagged as โcriticalโ. This enforces the installation of the update for the affected Mac within 24 hours, independently from the main patching cycle.
Please note that Moof are not responsible for monitoring devices for vulnerable software. Notification of a critical patch would need to be provided by your vulnerability management team.
If required, Moof are able to provide vulnerability management as a service, integrated with moofPatch for automatic addition of critical vulnerability patches.
Online meeting awareness
moofPatch is aware of meeting room software (including Zoom, Microsoft Teams, Webex & GoToMeeting) and detects whether a meeting is in progress. This allows you to run moofPatch safely on your devices knowing that it wonโt enforce updates if a user is in an online meeting.
Pre-patching device check
To help ensure a smooth deployment of app updates, moofPatch automatically checks for power, network and disk space, flagging up any issues for review if required:
Customisable patching deferral options
When moofPatch starts alerting users about pending software updates, they can be presented with a range of options including โRun updates nowโ, โDefer for X amount of timeโ or โDefer notifications until the enforcement timeโ.
Automatic application closing
moofPatch is configured to automatically close any open apps before they are patched. This helps ensure that the overall update process is successful as possible and avoids application corruption. In these cases, users are notified and given a 5-minute countdown to allow them to save any open work: