Automated patching of headless Macs

I patch about 150 Zoom Macs weekly. This has worked relatively successfully until this week when 50 or so Mojave Macs decided to 'forget' they had automatic login configured, and sat at the login screen waiting for input.

In addition, when Apple release dot updates to macOS, the Setup Assistant fires more often than not, which also prevents automatic login so they can get to the Zoom Rooms app and bring the room back online.

Does anyone have any suggestions as to how I can improve the patching process? I've tried both the 'softwareupdate' binary and the "Software Update" policy payload, and both exhibit the same problems. If there's an MDM profile with a PLIST that I can enforce, and that will be respected at each boot, it might be helpful, similar to how DEP works.

