Question

Management and Big Sur Security Updates

  • May 4, 2021

Does ANYONE have a process to push out Big Sur Security Updates through Jamf?

I tried using Files and Processes within a Policy, to no avail: using Execute Command "softwareupdate -i -a -R" set to Recurring Check-In and then going to the client device and running sudo jamf policy. I see the command run, but it hangs like it needs authentication.

I am tasked to enforce the Security Updates due to the latest vulnerabilities.

https://support.apple.com/en-us/HT212335

If anyone has a process please provide info. I would greatly appreciate it.

9 replies

  • Contributor
  • May 5, 2021

We are currently leveraging the command:
/usr/sbin/softwareupdate -i -a -R --force
It can take a bit, as it then proceeds to download the software before actually kicking it off if it is not already downloaded.


  • New Contributor
  • May 6, 2021

The UX of this is TERRIBLE.

There's absolutely no context for the user to understand what's happening. No matter how you slice this from an admin perspective, your user's Mac is either going to restart right from under them without any warning or you're displaying some shitty Jamf window with a message to defer, which quite frankly floods our support capacity with "Is this malware?!" requests.

Jamf really needs to up their game here.



This mechanism also protects against failed system updates, whose Seal won't match the During early startup, macOS Big Sur checks the Seal on the system. by Apple, and their installation and control is managed by their companion app.

PrepaidCardStatus



We currently use the script from bp88: https://github.com/bp88/JSS-Scripts/blob/master/AppleSoftwareUpdate.sh

And it works fine for us. Of course, since Big Sur/M1 devices are available, you may have to tell your users that there is some manual labor from their side too, to make it work.

Also, he has written a nice blog post about his new script for Updates over Jamf (a new one, not the above mentioned): https://babodee.wordpress.com/2021/03/30/handling-major-upgrades-and-minor-updates-for-macos-with-jamf/
Maybe this is something you can try.


  • Valued Contributor
  • May 14, 2021

@thomas.moser Do you use that script for only minor updates? I'm trying to find something I can use that will nag my users to run the updates, that only cares about minor updates, not whole macOS upgrades, and that works on Catalina, Big Sur, and M1s. I will have all my users just use software updates.


  • Valued Contributor
  • May 17, 2021

@thomas.moser I tried that script and it appears to work for minor updates of pre-Big Sur Macs, but on Big Sur, if the user does nothing, in the end it will just download the installer, do a reboot - but does not install the update :(

How did you get it to work?


  • Valued Contributor
  • June 1, 2021

Dying to know the above as well ... I'm having the most challenging time getting any method to start the install ...


  • Contributor
  • July 7, 2021

Has anyone tried a configuration profile with just the 'software update' payload configured?

If so, if the 'software update server' is left blank, does it default to Apple?

Also, what happens if a user is logged in and an update kicks off? Does the user get interrupted with a possible 'restart' out of nowhere?


  • Contributor
  • September 21, 2021

Anyone get a policy to successfully install the Big Sur updates when they come out?

11.6 is now the new update for Big Sur - has anyone gotten a policy that installs this?