Solved

macOS Security and Critical updates.

  • 7 December 2023


Hi Team,

In our environment, we have a requirement to install only Security, Critical Updates & 3rd party Updates for macOS. Can you please let us know how we can make sure we are specifically installing only Security, Critical and 3rd party S/W updates?

Do we require a separate policy for installing 3rd party updates, or can we install all 3 categories using a single policy?

Below is the list of updates that we want to exclude from patching:

  • Feature Packs
  • Tools
  • Update Rollups
  • Upgrades

Also, let us know which policy is best to use in this scenario.

Thanks,

Shoaib


Best answer by JohnG-Automox 11 December 2023, 15:34


Hi @MD Shoaib Pasha,


I touched on this topic in your previous post, but to reiterate: I recommend crafting separate policies for handling your primary First Party updates, Security Definitions, as well as Third party patching Policies (those that require notifications to your end user, and those that do not).

 

For your first party updates, I tend to go with the Patch Except or Advanced Policy types. These allow you to set up advanced Package Targeting filters that can patch everything you want, but also exclude packages that should be deployed via companion policies.

Here’s a quick overview of some of the policies I have configured in my Console:
 



The Advanced Policy type will allow you to get even more granular with your package targeting.


In the example below, I am patching First Party Windows Updates that are older than 7 days, and excluding Feature Updates and Preview packages:

 



The same logic can be applied to macOS first party updates as well:
 


Have a great day!


Thanks for the info!
