Software Updates

@eaititig Were your Macs were enrolled in Jamf Pro via Automated Device Enrollment from your ASM/ABM account?

The MDM Update commands won't work if the Mac was manually enrolled.

What would be the work around this? Create an update policy? 

Yes, I'd also very much like to see an official comment from Jamf on this quagmire of a situation. 

We're having the same issues with our entire fleet of Mac on Big Sur or Monterey (enrolled though ADE or not makes no difference).
The only reliable way to update has been to download the latest complete macOS installer and running startosinstall.

@emilh Try this (It should work if your Macs were enrolled in Jamf Pro via ADE) :

Do a search in Jamf Pro for M1 Macs you want to upgrade to 12.2.1
Click the "Action" button on the search results screen
Select the "Send Remote Commands" Action then click the Next button
Select the "Update OS version and built-in apps (macOS 10.11 or later, Supervised or enrolled via a PreStage enrollment)" item under Remote Commands
Click "Specific version" under Target Version and then select 12.2.1 from the popup
Select "Download and install the update, and restart computers after installation" under Install Action, then click the "Next" button

That will send the MDM command to install macOS 12.2.1 to the Macs selected in Step 1. I _think_ you need to have someone logged in for that to work (I've never tried it without someone logged in). Do not use any of the deferred options under Install Action as that doesn't work reliably (although 12.3 is supposed to fix that)

The current state of managing software updates with Jamf Pro is completely unacceptable for an enterprise environment.  Running an inventory (recon) can't even properly record when there is a software update available, which breaks my smart groups, which breaks my policies.  All of that is a moot point while updates can't be managed with policies anymore, and must be manually pushed with a MDM command that runs at a seemingly random timeframe if ever.

My understanding is that Apple updated MDM commands to allow for a much greater level of control some time ago, and that Jamf has simply not implemented those controls yet.

I think this community is overdue an update on when this is going to be fixed.

There are no words to describe my frustration with these pitiful macOS update tools. The results are so unpredictable, it's almost a fluke when it works.

And we're not even talking about the miserable user interaction interface... Downloading the packages can take up to 30 minutes; that's enough for the user to forget that he launched it! And BANG! The computer restarts without warning. These are clearly not enterprise-level tools.

Apple also plays a part in fixing this as well, as the restart command sent as part of the update is thwarted by an open app.  A true managed update command will "shutdown -r now" and force the restart.

Bump. 2023, Mac Studios, escrowed etc. Still a problem. 

I have Cybersec on my back about patching zero days, and I can't do it.

Allegedly MacOS 14 is coming with actual managed update capabilities.  MDM commands have been an abject failure.

See the Explore advances in declarative device management session from WWDC23 for details about the new capabilities to specify enforced update deadlines and minimum OS versions for enrollment using Declarative Device Management in macOS 14 and iOS/iPadOS 17.

Happy and disappointed finding this thread....I am having this issue as well. I have labs that rely on OSX updates in order for Xcode to be kept up to date. 

The latest i found Jamf Pro 10.48 was with the introduction to Software Updates in Jamf Pro, i can no longer run a MDM command to s single computer (via Mass action or going to the computer record and clicking on. a managemtn command), i need to create a smartgroup to do it.  Not that it every worked reliably, but support asked me to test it with a different one-of computer vs using a smart group.

I am also having a problem when I run updates that it is getting stuck,  I am trying to manually update 13.1 to 13.4.1 and all my machines that are enrolled in jamf are stuck at a black screen with the Apple logo on them. Anyone know why? I don't have any deferments set, I don't have any policies in place.  I am at a total loss.

Yeah, I have tried the smart group in the past, it didn't seem to make a difference. I hope the new update makes a difference

Support has confirmed that the new interface changes nothing in the method of MDM command push. So for me, still broken.

Fan-friggen-tastic 

Quite glad to find out I'm not the only one fighting this battle. An enterprise tool such as this shouldn't be having these issues.

Apple goes through all this trouble of keep a chain of custody from apple school manager to Jamf, then why not give us the power to fully control the updates(and everything else) like in the past, on these secured/supervise computers, and leave all the extra security to the consumers.

I think the long story short of it is that MDM commands simply don't work in any reliable/predictable manner.  Hopefully the reality of managed updates via DDM in MacOS 14 lives up to the hype.

yeah im not holding my breath

So this looks like the DDM config that controls the updates,

com.apple.configuration.softwareupdate.enforcement.specific

I cant find anything on Jamf that lets us do this yet, even though it says DDM is ready in Jamf Pro 10.48

https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Declarative_Device_Management.html

As long as it's in place in Jamf by the time 14 goes live...

it says it should work with macos 13 Ventura this has been out since WWDC 2021

But there is next to no documentation from Jamf on how to use this. im mainly interested in setting up the configuration and not having to write my own config files, i dont pay jamf to write my own scripts for everything.  All this should be in a GUI format as soon as its made available out of Beta.