@_aDiedericks How about a smart group with criteria for macOS Ventura and Last Enrollment less than 1 days.
Thanks.
@_aDiedericks How about a smart group with criteria for macOS Ventura and Last Enrollment less than 1 days.
Thanks.
I didn't even know that was a thing. I actually did a workaround that I just deleted this morning.
It involved a policy that applies during the enrolment process to use the touch command to download a placeholder file to /Users/Shared/. Then a custom attribute to check for the status of that file's existence to behave much like a flag. This applied through a policy during enrolment only and macOS Ventura devices only.
A smart group was also create with the criteria to check for the existence of said flag, that if it saw the flag and the machine was also in MacOS Ventura then the assumption would be that this device was enrolled on macOS Ventura and not upgraded, then apply the config.
Though this worked a few times it seems that because config files load first whether or not the policy runs to create the flag file in the first place is RNG. Sometimes it would just deploy the Monterey and Ventura config together because the configs apply first before the policy to create the flag in the first place.
Your method seems way more reasonable 🤣 I'll give it a go, thanks.
@_aDiedericks How about a smart group with criteria for macOS Ventura and Last Enrollment less than 1 days.
Thanks.
@karthikeyan_mac Just checking the logic of this criteria. If a device passes 2 days after enrolment would it then not fall out of this scope therefore losing the configuration assigned based on that scope?
@karthikeyan_mac Just checking the logic of this criteria. If a device passes 2 days after enrolment would it then not fall out of this scope therefore losing the configuration assigned based on that scope?
What if the criteria specified was to look for "Enrolment method - Prestaged" and "macOS Ventura devices".
This would work based on the assumption that Prestaging only takes place during device setup i.e fresh install/reset of OS.
Managed to get this working applying logic from a different angle.
- I created a scope looking for devices that are Ventura but do not have the Sophos Monterey profile already installed.
- The scope for the Sophos Monterey config, I applied to all devices but excluding the scope I create in the above.
- and the scope for Sophos Ventura config, I applied the first scope I mentioned here.
The logic here is that if a device is upgrading from Monterey to Ventura it will still have the Sophos Monterey config installed so therefore the Sophos Ventura config should not be applied and the Sophos Monterey config should stay.
But if a device has Ventura installed but doesn't already have the Sophos Monterey config, then install Sophos Ventura config.
I will be testing this by downgrading to macOS Monterey and then upgrading to macOS Ventura to see if the Sophos Monterey config stays persistent across upgrades. I've already tested fresh installs of Ventura, the correct configuration profile is applied which is Sophos Ventura config as it should.
[update]
I've tested this upgrading from macOS Monterey to Ventura. Sophos Monterey profile is still persistent across upgrades.
