
Introduction
App Auto-Patch combines local application discovery, an Installomator integration, and user-friendly swiftDialog prompts to automate application patch management across Mac computers.
What’s Changed in App Auto-Patch (2.9.3)
For an up-to-date view of what’s changed, feel free to check out the change log at: App Auto-Patch Changelog
Enhancements
Since the last post on AAP (2.0.5), there have been quite a few noteworthy changes. Below is a quick list of some of those changes:
- There is a new feature (found in version 2.0.6, thanks @gilburns) that can be set for addressing applications that may exist in the user’s home folder. This feature can be controlled by using the variables convertAppsInHomeFolder and ignoreAppsInHomeFolder:
  - convertAppsInHomeFolder – If this variable is set to true and an app is found within the /Users/* directory, the app will be queued for installation into the default path and removed from the /Users/* directory.
  - ignoreAppsInHomeFolder – If this variable is set to true, apps found within the /Users/* directory will be ignored. If set to false, an app discovered with an update available will be queued and installed into the default directory. This may lead to two versions of the same app installed.
- Added function (found in 2.0.7) that will present the names of the applications that need updates within the deferral window presented to end-users (thanks @AndrewMBarnett). The deferral window messaging has also been reworked to provide a better user experience. Additionally, the deferral window will be re-sized according to how many deferrals are remaining for better clarity of the window itself (thanks @TechTrekkie). Version 2.0.8 also included some more messaging tweaks for the deferral window.
- Version 2.8.1 was the adoption of semantic versioning. App Auto-Patch versioning will now correspond to MAJOR.MINOR.PATCH
- Webhook reporting is now available in version 2.9.0 (thanks @AndrewMBarnett, @TechTrekkie, and @dan-snelson) and additional work on this functionality brings us to the latest release of 2.9.3.
  - A webhook message can be sent to Teams and/or Slack after App Auto-Patch is run and can be configured to be turned off, report only failures during patching, or send a complete report.
- Display Assertions functionality added into AAP Activator. AAP Activator can be configured with a maximum amount of times to defer for active display assertion. Additionally, an EA has been added to identify Macs with active assertion deferrals.
Getting Started
App Auto-Patch Wiki
- For those that like to Read The Fantastic Manual (RTFM), check out the App Auto-Patch wiki found here: App Auto-Patch Wiki
- Some callout pages on the wiki:
Obtain and Customize the App-Auto-Patch-via-Dialog.zsh Script
- Download the latest App-Auto-Patch-via-Dialog.zsh script to your computer. The latest version can be found here: https://github.com/robjschroeder/App-Auto-Patch/blob/main/App-Auto-Patch-via-Dialog.zsh
- If you’d like to use Terminal to download a copy and save it to your Downloads, open the Terminal application and paste the following command:
curl -o ~/Downloads/App-Auto-Patch-via-Dialog.zsh https://raw.githubusercontent.com/robjschroeder/App-Auto-Patch/main/App-Auto-Patch-via-Dialog.zsh
- Make any modifications to this script to fit your organizational needs. Consider making changes to:
  - scriptLog
  - debugMode
  - deferralTimer (if using deferrals)
  - unattendedExit
  - Support Team Details
  - Webhook Options

Add the script to your Jamf Pro server
- Add the App-Auto-Patch-via-Dialog.zsh script to your Jamf Pro server
- Set your script parameter options as follows:
- Parameter 4: Interactive Mode [ 0 (Completely Silent) | 1 (Silent Discovery, Interactive Patching) | 2 (Full Interactive) (default) ]
- Parameter 5: A space-separated list of Installomator labels to ignore (i.e., “microsoft* googlechrome* jamfconnect zoom* 1password* firefox* swiftdialog”)
- Parameter 6: A space-separated list of required Installomator labels (i.e., “firefoxpkg_intl”)
- Parameter 7: A space-separated list of optional Installomator labels (i.e., “renew”) ** Does not support wildcards **
- Parameter 8: A space-separated list of options to override default Installomator options (i.e., BLOCKING_PROCESS_ACTION=prompt_user NOTIFY=silent LOGO=appstore)
- Parameter 9: Number of times a user is allowed to defer before being forced to install updates. A value of “Disabled” will not display the deferral prompt. [ integer | Disabled (default) ]
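An overly broad wildcard in the Parameter 5 ignore list keeps apps out of patching, and a misspelt entry ignores nothing. The following added example (not part of App Auto-Patch) previews both; it assumes wildcard entries match label names the way shell globs do, and the discovered labels are constructed sample data.

```shell
#!/bin/sh
# Added example (not App Auto-Patch code): audit a Parameter 5 ignore list
# against the labels found on a Mac before the policy is deployed.
# Assumption: a wildcard entry matches label names the way a shell glob does.

# matching_pattern LABEL "PATTERN ..." -> prints the first pattern that matches
matching_pattern() {
    mp_label=$1
    set -f                      # keep "*" literal while the list is word-split
    for mp_pat in $2; do
        case $mp_label in
            $mp_pat) set +f; echo "$mp_pat"; return 0 ;;
        esac
    done
    set +f
    return 1
}

# labels_to_patch "DISCOVERED ..." "IGNORED ..." -> labels that stay in the queue
labels_to_patch() {
    kept=""
    for lbl in $1; do
        matching_pattern "$lbl" "$2" >/dev/null || kept="$kept $lbl"
    done
    echo "${kept# }"
}

# unused_patterns "DISCOVERED ..." "IGNORED ..." -> entries that match nothing,
# which is where a misspelt label shows up
unused_patterns() {
    unused=""
    set -f
    for pat in $2; do
        hit=0
        for lbl in $1; do
            case $lbl in $pat) hit=1 ;; esac
        done
        if [ "$hit" -eq 0 ]; then unused="$unused $pat"; fi
    done
    set +f
    echo "${unused# }"
}

# Constructed sample: labels discovery might report, and the ignore list from above.
discovered="microsoftedge microsoftword googlechromepkg zoom firefox slack vlc"
ignored="microsoft* googlechrome* jamfconnect zoom* 1password* firefox* swiftdialog"

echo "Queued for patching: $(labels_to_patch "$discovered" "$ignored")"
echo "Ignore entries with no match: $(unused_patterns "$discovered" "$ignored")"
for lbl in $discovered; do
    if pat=$(matching_pattern "$lbl" "$ignored"); then echo "$lbl ignored by $pat"; fi
done
```

An entry reported as having no match is either an app that is not installed on that Mac or a typo in the list.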

Create your Jamf Pro policy
- Create a new policy for App Auto-Patch.

- The Jamf Pro policy will need to have the App Auto-Patch script added to the Script payload. Fill the script parameters to make sure you get the desired result of the script.

** Optionally, you can make the script available in Self Service for end-users to run on their own time.

Extras and Additional Information
End-User Experiences
Silent Discovery and Updating
Process Overview
In Completely Silent mode, App Auto-Patch operates discreetly in the background. It automatically scans the Mac for installed applications and checks for available updates. When an update is found, App Auto-Patch via Installomator will attempt to download and install it, ensuring that the software is up-to-date without requiring user interaction.
User Experience
Users benefit from a seamless and uninterrupted workflow, as App Auto-Patch manages updates without displaying prompts via swiftDialog. This feature is especially advantageous in environments where maintaining productivity and reducing distractions is crucial.
Handling Open Applications via BLOCKING_PROCESS_ACTION
Installomator’s handling of open applications requiring updates is governed by the BLOCKING_PROCESS_ACTION parameter. This parameter can be configured in the following ways to manage open applications:
- ignore: Continue the update process even if blocking processes (open applications) are detected.
- quit: Politely requests the open application to quit to proceed with the update.
- quit_kill: Makes two polite requests for the application to quit, followed by force termination if necessary. This option is suitable for service applications that do not automatically respawn.
- silent_fail: Terminates the update script without user interaction or notification if a blocking process is found.
- prompt_user: (Not applicable in silent mode) Displays a dialog box for each blocking process, allowing the user to choose between updating immediately or delaying the update.
- prompt_user_then_kill: (Not applicable in silent mode) Similar to prompt_user, but forcibly terminates the blocking process if the user opts to update immediately.
- prompt_user_loop: (Not applicable in silent mode) Functions like prompt_user, but re-prompts the user every hour until action is taken.
- tell_user: Displays a notification about the update, allowing the user only to quit and continue with the update.
- tell_user_then_kill: Notifies the user about the update and, if the application does not quit, forcibly terminates it.
- kill: Forcefully terminates the blocking process without prior notification or the opportunity for the user to save their work.
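As a check before deployment, this added example (not code from App Auto-Patch or Installomator) lints a Parameter 8 override string against the interactive mode in Parameter 4, using only the values listed above. The function names and verdict words are illustrative, and the override string is the sample from the parameter description.

```shell
#!/bin/sh
# Added example (not App Auto-Patch or Installomator code): lint a Parameter 8
# override string against the interactive mode chosen in Parameter 4.

# BLOCKING_PROCESS_ACTION values listed in the section above.
VALID_ACTIONS="ignore quit quit_kill silent_fail prompt_user prompt_user_then_kill prompt_user_loop tell_user tell_user_then_kill kill"

# get_override "KEY=VALUE ..." KEY -> prints the last VALUE given for KEY
get_override() {
    value=""
    set -f                      # do not glob-expand values while splitting
    for pair in $1; do
        case $pair in
            "$2"=*) value=${pair#*=} ;;
        esac
    done
    set +f
    echo "$value"
}

# lint_blocking_action INTERACTIVE_MODE "OVERRIDES" -> prints one verdict:
#   unset | unknown | needs-interactive | destructive | ok
lint_blocking_action() {
    action=$(get_override "$2" BLOCKING_PROCESS_ACTION)
    if [ -z "$action" ]; then echo unset; return 0; fi
    case " $VALID_ACTIONS " in
        *" $action "*) ;;
        *) echo unknown; return 0 ;;
    esac
    case $action in
        prompt_user*)
            # The prompt_user family is not applicable in Completely Silent mode (0).
            if [ "$1" -eq 0 ]; then echo needs-interactive; return 0; fi ;;
        kill)
            # kill ends the process with no chance for the user to save work.
            echo destructive; return 0 ;;
    esac
    echo ok
}

# Constructed sample: the override string from the Parameter 8 description.
overrides="BLOCKING_PROCESS_ACTION=prompt_user NOTIFY=silent LOGO=appstore"
for mode in 0 1 2; do
    echo "interactive mode $mode: $(lint_blocking_action "$mode" "$overrides")"
done
```

A misspelt key reports `unset`, which means the override was never applied.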
Silent Discovery of Installed Applications
Process Overview
In this mode, App Auto-Patch discreetly scans the Mac to identify all installed applications. This process occurs in the background, ensuring no disruption to the user’s workflow.
User Experience
Users will not notice the discovery process, as it is designed to run silently without any notifications or prompts. This feature is particularly beneficial for maintaining an uninterrupted work environment.
Interactive Update Process
Once the discovery process is complete, App Auto-Patch presents a list of applications that require updates. This list is displayed in an easy-to-understand dialog, providing users with clear information about which applications are out-of-date.

Iterative Update Process
- Applications to Update: Users are provided a list of applications that need updates.
- Feedback During Updates: As each application is updated, the user receives real-time feedback. This includes information such as the current application being updated, update progress and the status of each application’s update.
- Completion Notification: Upon completion of each update, users are notified, allowing them to keep track of the updates that have been successfully installed.
Interactive Discovery of Installed Applications
Discovery Feedback
Upon launch, App Auto-Patch presents a dialog to the end-user via swiftDialog indicating the start of the discovery process. This ensures that the user is aware that App Auto-Patch is actively scanning for installed applications.

If there are no updates found by App Auto-Patch, users will see an additional pop-up letting them know.

Process Feedback
During the discovery phase, App Auto-Patch provides real-time feedback displaying information about the applications it is scanning and checking for updates. This includes:
- The application that is currently being evaluated
- The path to the installed application
In the background, App Auto-Patch is comparing the application’s installed version versus the latest version available with Installomator.
User Experience
This interactive approach keeps the user informed and engaged during the discovery process, enhancing transparency and their own experience.
Interactive Update Process
Once the discovery process is complete, App Auto-Patch presents a list of applications that require updates. This list is displayed in an easy-to-understand dialog, providing users with clear information about which applications are out-of-date.

Iterative Update Process
- Applications to Update: Users are provided a list of applications that need updates.
- Feedback During Updates: As each application is updated, the user receives real-time feedback. This includes information such as the current application being updated, update progress and the status of each application’s update.
- Completion Notification: Upon completion of each update, users are notified, allowing them to keep track of the updates that have been successfully installed.
Deferrals

Huge thanks to @TechTrekkie for adding this workflow to App Auto-Patch!
There is a new heading in the App Auto-Patch script labeled ### Deferral Options ###.
- maxDeferrals – This variable by default is set to Disabled. If you would like to enable deferrals for end users then this will need to be changed to the maximum number of deferrals you would like to offer. Once the maximum number of deferrals has been reached, App Auto-Patch will continue to its updating dialog. To use this option, you will need to have interactiveMode set to either 1 or 2.
- deferralTimer – This is the number of seconds given to the end user to respond to the deferral prompt before the deferralTimerAction is triggered.
- deferralTimerAction – This is the action that takes place once the timer has expired, either Defer or Continue. Defer is currently set as default.
- AAPActivatorFlag – If you are utilizing the new AAP-Activator script workflow within your Jamf Pro setup, this variable should be set to true. More on AAP-Activator below.
- aapAutoPatchDeferralFile – This is the location of the App Auto-Patch Deferrals plist.
AAP Activator
https://github.com/robjschroeder/App-Auto-Patch/tree/main/AAP-Activator
If you are using deferrals with your App Auto-Patch setup, the policy within Jamf Pro will need to be run again to prompt the user for their updates and give them the option to defer once again or continue. This can be achieved by setting your policy to run weekly at recurring check-in. Another option, however, is to use the AAP-Activator script. This script works in tandem with App Auto-Patch and is meant to trigger AAP under the right conditions.
*Note* AAP-Activator requires App Auto-Patch version 2.0.0 or later.
Configuration Variables
AAP Activator writes three essential variables to a configuration property list (.plist) file:
- AAPWeeklyPatching (True|False):
  - Determines if the patching process has been completed for the week
  - False triggers the Activator to execute the App Auto-Patch script
  - True indicates that the weekly patching is complete and should be skipped
- AAPWeeklyPatchingStatusDate (datetime):
  - Populated with the date/time when the Activator script first executes
  - Used to calculate the days passed since the weekly patching period started
  - Resets to False after 7 days, restarting the weekly patching cadence
- AAPActivatorFlag
  - Signal for the App Auto-Patch script to automatically determine if triggered by AAP Activator
Setup
- Modify your existing App Auto-Patch Jamf Pro policy (or create a new one):
  - Set Execution Frequency: Ongoing
  - Set Trigger to a custom value (i.e., AppAutoPatch)
- Customize the script to fit your organizational needs. Consider modifying the following:
- patch_week_start_day
- maxDisplayAssertionCount
- Upload the script to Jamf Pro. You can make use of the Jamf Pro Script parameters. The current parameter labels are as follows:
- Parameter 4: Script Log Location [ /var/log/com.company.log ] (i.e., Your organization’s default location for client-side logs)
- Parameter 5: The custom trigger used to call the App Auto-Patch Jamf Policy [ex: AppAutoPatch ]
- Parameter 6: The number of days until the activator resets the patching status to False [ integer ]
- Parameter 11: Debug Mode [ true | false (default) | verbose ] Adds additional logging

- Create a Jamf Pro Policy for AAP Activator. Be sure to set your General Payload as follows:
  - Execution Frequency: Once Every Day
  - Trigger: Recurring Check-In
- The Jamf Pro policy will need to have the AAP Activator script added to the Script payload. Fill the script parameters to make sure you get the desired result of the script.
Extension Attributes
The extension attributes that can be used within Jamf Pro can be found here: App Auto-Patch Jamf Pro EAs
AAP-DeferralsRemaining
#!/bin/bash
# This script returns the deferrals remaining of App Auto Patch to Jamf inventory.
# Make sure to set the Extension Attribute Data Type to "String".
# 12.19.2023 @andrewbarnett
# Path to the App Auto Patch working folder:
AAP_folder="/Library/Application Support/AppAutoPatch"
# Path to the local property list file:
AAP_plist="${AAP_folder}/AppAutoPatchDeferrals.plist"
# Report if the App Auto Patch preference file exists.
if [[ -f "${AAP_plist}" ]]; then
    remainingDeferrals=$(defaults read "${AAP_plist}" "remainingDeferrals" 2> /dev/null)
    [[ -n "${remainingDeferrals}" ]] && echo "<result>${remainingDeferrals}</result>"
    [[ -z "${remainingDeferrals}" ]] && echo "<result>No last deferrals</result>"
else
    echo "<result>No AAP preference file.</result>"
fi
exit 0
AAP-DisplayAssertionCount
#!/bin/bash
# This script returns the count of display assertion deferrals for App Auto Patch to Jamf inventory.
# Make sure to set the Extension Attribute Data Type to "Integer".
# 02.18.2024 @robjschroeder
# Path to the App Auto Patch working folder:
AAP_folder="/Library/Application Support/AppAutoPatch"
# Path to the local property list file:
AAP_plist="${AAP_folder}/AppAutoPatchDeferrals.plist"
# Report if the App Auto Patch preference file exists.
if [[ -f "${AAP_plist}" ]]; then
    displayAssertionCount=$(defaults read "${AAP_plist}" "AAPDisplayAssertionCount" 2> /dev/null)
    # Report the value that was just read (displayAssertionCount, not remainingDeferrals).
    [[ -n "${displayAssertionCount}" ]] && echo "<result>${displayAssertionCount}</result>"
    [[ -z "${displayAssertionCount}" ]] && echo "<result>No display assertion deferrals</result>"
else
    echo "<result>No AAP Deferral preference file.</result>"
fi
exit 0
AAP-LastDiscovery
#!/bin/bash
# This script returns the last discovery run time of App Auto Patch to Jamf inventory.
# Make sure to set the Extension Attribute Data Type to "Date".
# https://techitout.xyz/app-auto-patch
# by Robert Schroeder (@robjschroeder)
# 10.20.2023
# Path to the App Auto Patch working folder:
AAP_folder="/Library/Application Support/AppAutoPatch"
# Path to the local property list file:
AAP_plist="${AAP_folder}/AppAutoPatchStatus" # No trailing ".plist"
# Report if the App Auto Patch preference file exists.
if [[ -f "${AAP_plist}.plist" ]]; then
    # Silence the error from defaults when the key is missing, then strip the last six characters.
    aap_discovery=$(defaults read "${AAP_plist}" AAPDiscovery 2> /dev/null | sed 's/.\{6\}$//')
    [[ -n "${aap_discovery}" ]] && echo "<result>${aap_discovery}</result>"
    [[ -z "${aap_discovery}" ]] && echo "<result>No last discovery</result>"
else
    echo "<result>No AAP preference file.</result>"
fi
exit 0
AAP-LastRun
#!/bin/bash
# This script returns the last run time of App Auto Patch to Jamf inventory.
# Make sure to set the Extension Attribute Data Type to "Date".
# https://techitout.xyz/app-auto-patch
# by Robert Schroeder (@robjschroeder)
# 10.20.2023
# Path to the App Auto Patch working folder:
AAP_folder="/Library/Application Support/AppAutoPatch"
# Path to the local property list file:
AAP_plist="${AAP_folder}/AppAutoPatchStatus" # No trailing ".plist"
# Report if the App Auto Patch preference file exists.
if [[ -f "${AAP_plist}.plist" ]]; then
    # Silence the error from defaults when the key is missing, then strip the last six characters.
    aap_lastrun=$(defaults read "${AAP_plist}" AAPLastRun 2> /dev/null | sed 's/.\{6\}$//')
    [[ -n "${aap_lastrun}" ]] && echo "<result>${aap_lastrun}</result>"
    [[ -z "${aap_lastrun}" ]] && echo "<result>No last run</result>"
else
    echo "<result>No AAP preference file.</result>"
fi
exit 0
AAP-Version
#!/bin/bash
# This script returns the version of App Auto Patch that was last used
# to Jamf inventory.
# Make sure to set the Extension Attribute Data Type to "String".
# https://techitout.xyz/app-auto-patch
# by Robert Schroeder (@robjschroeder)
# 10.20.2023
# Path to the App Auto Patch working folder:
AAP_folder="/Library/Application Support/AppAutoPatch"
# Path to the local property list file:
AAP_plist="${AAP_folder}/AppAutoPatchStatus" # No trailing ".plist"
# Report if the App Auto Patch preference file exists.
if [[ -f "${AAP_plist}.plist" ]]; then
    aap_version=$(defaults read "${AAP_plist}" AAPVersion 2> /dev/null)
    [[ -n "${aap_version}" ]] && echo "<result>${aap_version}</result>"
    [[ -z "${aap_version}" ]] && echo "<result>No AAP version number found.</result>"
else
    echo "<result>No AAP preference file.</result>"
fi
exit 0
Thank you to everyone who has helped contribute to App Auto-Patch, including but not limited to:
- Dan Snelson (@dan-snelson)
- Andrew Spokes (@TechTrekkie)
- Andrew Barnett (@andrewmbarnett)
- Trevor Sysock (@bigmacadmin)
- Charles Mangin (@option8)
Support, Feature Requests, & Issue Reports
Support
The #app-auto-patch channel on MacAdmins Slack is a great resource to use when getting started.
Feature Requests
Feature requests are welcome and can be submitted on GitHub.
Issue Reports
If you find something not working quite right, you can reach out on the MacAdmins Slack channel for App Auto-Patch. Additionally, issues can be submitted on GitHub.