NinjaOne Patching: Third-Party Software Patch Management for Apple macOS

Topic

This article describes third-party patching features available for Apple macOS endpoints managed by NinjaOne. The article also explains how to activate, configure, and view patching activity.

Environment

NinjaOne Patching
Apple macOS

Description

Third-party software patching enables you to manage software updates automatically for multiple third-party software products.

Select a topic to continue:

Activating Patch Management
Configuring Patch Management on the Software Patching Page
Settings Tab Options Explained
Software Tab Settings
Viewing Patch Scan and Installation Attempts
Manually Scanning for or Applying Updates
Current Products Supported

Activating Patch Management

To enable third-party patching for a macOS endpoint policy, perform the following steps:

In NinjaOne, click Administration, then click Policies → Agent policies from the expanded options and select your macOS policy from the list.

**Figure 1:** Administration → Policies → Agent policies (click to enlarge)

The policy's management page will open. Click the Software patching option, then click the Status toggle switch.

**Figure 2:** The Software patching policy page (click to enlarge)

Configuring Patch Management on the Software Patching Page

Use the Settings tab to configure your third-party patching settings.

**Figure 3:** Third-party patching settings (click to enlarge)

Settings Tab Options Explained

You can configure the following software patch management parameters:

Setting	Description
Scan schedule	This parameter set determines when the device will scan for available new patches. Schedule: Use the drop-down menu to choose the scan frequency. Days: If your scan interval is longer than daily, select which days of the week the system should perform the scan. Devices are patched only on the days selected. If you do not select any days, the system will display an error message. Time and Time Zone: Select the time of day and the appropriate time zone to perform the scan. By default scans start at 8 A.M. local device time and updates start at 5 P.M. local device time. These defaults only apply to new policies. Stagger over: Set a stagger interval to distribute patch installation times across your devices and avoid simultaneous updates. For more information, refer to NinjaOne Patch Management: Load Balancing Patch Installations With the Stagger Feature. Run scan immediately, if missed: Select this checkbox to run a scan immediately upon saving your settings. Apply immediately: Select this checkbox to have the system apply patches immediately when it finds them in a scan.
Update schedule	These settings specify when NinjaOne should apply the updates it finds when scanning. Schedule: Use the drop-down menu to choose the update frequency. Days: If your update schedule is longer than daily, select which days of the week the system should perform the update. Devices are patched only on the days selected. If you do not select any days, the system will display an error message. Time and Time Zone: Select the time of day and the appropriate time zone to perform the update. By default scans start at 8 A.M. local device time and updates start at 5 P.M. local device time. These defaults only apply to new policies. Stagger over: Set a stagger interval to distribute patch installation times across your devices and avoid simultaneous updates. For more information, refer to NinjaOne Patch Management: Load Balancing Patch Installations With the Stagger Feature. Run update immediately, if missed: Select this checkbox to run an update immediately. Maintenance Mode: Suppress Emails/SMS/Push notifications: Select this checkbox to prevent NinjaOne from sending alerts caused by actions occurring during the update (such as device reboots). You can refine this setting by selecting the Suppress condition alerts and Suppress notification channels checkboxes. Refer to NinjaOne Platform: Maintenance Mode for more information.
Update notifications	Choose how NinjaOne notifies users when the system needs to update software that cannot be patched in the background. The current setting will show as a link in this section. Click the link for the following additional options: Notify the user, then close the software and update. Automatically close software and update. Do not close open software. Applications must be closed to apply an update fully. If an application is still open when NinjaOne attempts to install an update, the installation will fail, and the following error will appear in the activity log: "One or more products failed to update due to application running state." Closing an open application can result in the loss of any unsaved data. When selecting an automatic close option, we recommend scheduling updates during off-peak hours, when users are less likely to actively use their systems.
Reboot options	These settings let you specify reboot behavior after NinjaOne patches a device. You can configure settings for both logged-in and logged-out users. If an end user interacts with a reboot prompt, NinjaOne will display an activity in the Device's Activity feed. Refer to Device and System Activity Notification Feed for more information. Reboot options: Logged-in user: Here you can configure the following settings: Prompt to reboot until reboot accepted: NinjaOne will display an on-screen prompt instructing the user to reboot and allow the update to complete. Use the scheduling options to determine the prompt frequency. Select the Force reboot after checkbox to set the number of prompts before NinjaOne automatically reboots the device. Select the Custom reboot dialog checkbox to replace the default prompt with your own text. Notify the user, then reboot: Choose this option to send the user a notification, then automatically reboot the machine and complete the update. Refer to NinjaOne Platform: Notification Channels for more information. Use the scheduling options to determine how long NinjaOne should wait before sending the notification and triggering the reboot. Automatically reboot: This option tells NinjaOne to reboot the device after the update installation is complete. Use the scheduling options to determine how long NinjaOne should wait before rebooting the device. Do nothing: NinjaOne will not perform any automatic reboot actions on the device. Period and Unit: If you selected Prompt the user to reboot until reboot accepted, use these fields to specify the prompt frequency. Select the checkbox to force a reboot after a specific number of prompts. Custom Reboot Dialog: Select this checkbox to add custom text to the reboot prompt. Reboot options: Not logged in user: Here you can configure the following settings: Attempt to reboot until successful: NinjaOne will keep trying to reboot the device, even if reboots fail, until it completes the action. Use the scheduling options to determine the reboot attempt frequency. Reboot immediately: NinjaOne will reboot the device as soon as the update is ready. Do nothing: NinjaOne will take no action to reboot the device. Schedule: Use the drop-down menu to choose the prompt frequency. Time and Time Zone: Select the time of day and appropriate time zone to perform the reboot.
Approvals	In this section, you can configure approval settings for all NinjaOne software not listed on the Software tab. Click the Edit link to automatically approve, reject, or require manual approval for Critical and Recommended patches. Refer to NinjaOne Dashboards: Software Inventory for more information.
Approval overrides	Here, you can set NinjaOne to override your patching policy for specific patches. Click the link to open the Overrides list, then search for the patch name. Use the second drop-down menu to select whether to approve or reject the patch. Examples of scenarios in which patches would appear in the Overrides section: If the category approval is set to Manual, and you then approve or reject the patch for the policy. If the category approval is set to Approve, and you then manually reject the patch for the policy. If the category approval is set to Reject, and you then manually approve the patch for the policy.

Software Tab Settings

The Software tab is where you can select the software you would like to include in NinjaOne's third-party patching. It is located next to the General tab on the Software patching page, as shown in Figure 4. From here, you can also configure approval settings for critical and recommended patches.

Adding Software to the Scheduled Patching List

When you activate software patching for a product, NinjaOne downloads all updates for that product on the machines affected by the policy. Those updates remain downloaded as long as third-party software patching is activated for that product.

On the Software patching page, click the Software tab, then click Add software.

**Figure 4:** Software → Add software (click to enlarge)

The Software library page will open. This page provides a list of available third-party applications. Select the checkbox next to the software titles you wish to install, then click Add. For publishers with multiple products, type the publisher's name into the search bar to find and view all titles.

**Figure 5:** The Software library (click to enlarge)

Your added software will now appear in the Software tab.

Software Patching Settings

This process lets you edit individual patch settings for installed third-party applications. There are two patch types: Critical and Recommended, and four behaviors for each patch type:

Default: The software will use the settings configured in the Approvals section on the General tab.
Approve: NinjaOne automatically approves all patches for the next update cycle.
Manual: Patches in this category appear in a "pending" state, requiring manual approval or rejection (either for individual devices or for the entire policy).
Reject: NinjaOne automatically rejects all patches for that category.

Editing Software Patching Behaviors

In the Software tab, select the checkbox for the software you want to edit, then click the Edit button when it appears.

**Figure 6:** Software patching → Edit (click to enlarge)

The Edit software dialog box will open. Use the Critical patches and Recommended patches drop-down menus to select the patching behavior. Use the Enable self service drop-down menu to make the application available to assigned end user device owners in their custom NinjaOne instances. Refer to End User Sharing and Device Access for more information.

**Figure 7:** The Edit software dialog box (click to enlarge)

Viewing Patch Scan and Installation Attempts

You can view patches found and patches installed in the Overview dashboard. Navigate to Dashboard → Patching → Software patches, then choose a patch status. You can choose Pending, Approved, Rejected, Installed, or Failed.

**Figure 8:** Dashboard → Patching tab → Software patches (click to enlarge)

Viewing Devices by Patch Status

If you are viewing the software patches at the System or Organization dashboard level, you can click the number in the Devices column to generate a list of the devices to which the patch status applies. For example, for a patch in the Approved tab, clicking the number shows the devices for which it is approved but not yet installed.

**Figure 9:** Devices by patch status (click to enlarge)

Manually Scanning for or Applying Updates

Scanning For and Updating Software on a Single Device

You can run a patch scan or update cycle on demand from any device's dashboard.

In NinjaOne, click Devices, then click the device from the search grid.

**Figure 10:** The Devices search grid (click to enlarge)

Place your cursor over the play icon in the action bar, select Patching, then choose Software scan or Software update.

**Figure 11:** Play icon → Patching → Software scan and update (click to enlarge)

Scanning For and Updating Software on Multiple Devices

You can run a patch scan or update cycle on multiple devices at the same time.

Navigate to the Devices search grid, as shown in Figure 10 above.
Select the checkboxes for the devices. NinjaOne will display new options.
Navigate to Run → Patching → Software scan, or Software update.

**Figure 12:** Run → Patching → Software scan and update (click to enlarge)

These options appear only if software patch management is activated for the policy governing the device, as described in the Activating Patch Management section above, and the device is online.

Current Products Supported

This table lists the current products that NinjaOne Third-party patching supports for macOS:

Vendor	Product
8X8 Work	8X8Work
Adobe	Adobe Acrobat 2015 Classic
Adobe	Adobe Acrobat 2017 Classic
Adobe	Adobe Acrobat 2020 Classic
Adobe	Adobe Acrobat DC Continuous
Alludo	WinZip
Apache Software Foundation	OpenOffice
Bombich	Carbon Copy Cloner
Box, Inc.	Box Sync
Cisco Systems, Inc.	Webex
Citrix Systems, Inc.	GoToMeeting
Document Foundation, The	LibreOffice
Dropbox	Dropbox
Evernote Corporation	Evernote
Garmin	Garmin BaseCamp
Google	Google Chrome
MacPaw	The Unarchiver
Microsoft	Excel
Microsoft	Microsoft Edge
Microsoft	Microsoft Teams
Microsoft	OneDrive
Microsoft	OneNote
Microsoft	Outlook
Microsoft	PowerPoint
Microsoft	Visual Studio Code
Microsoft	Word
Mozilla	Firefox
Mozilla	Thunderbird
Objective Development	Little Snitch
Opera Software ASA	Opera
Piriform Ltd	CCleaner
RealVNC Ltd	VNC Server
RealVNC Ltd	VNC Viewer
Slack Technologies	Slack
TeamViewer	TeamViewer
VideoLAN	VLC
Vivaldi LLC	Vivaldi
Wireshark Foundation	Wireshark
Zabbix	Zabbix Agent
Zoom Video Communications	Zoom Client