Best Practice for Apple Software Updates

New Contributor

Hello, Myself and org org are new to the jamf system and Mac's in our enterprise as a whole. I'm attempting to bring our current and future Mac OS X user base up to a standard our InfoSec team will sign off on and I have a question regarding Apple system updates.

What has worked well for people related to this? My concerns are that most Mac users don't regularly restart or even logout of their systems(so much easier just to close the lid) so I need to ensure that system updates like the security patch that was released earlier this week get applied in a timely manner. I had a policy set that was doing Software update at checkin but has my test system fail hard with this as when I went to reboot it due to the required restart (had it set with the 5 minute timer) I received the error about unauthorized caller and could not get it to boot back up even after doing the safe mode steps. all my systems that I will be deploying to are 10.11.x macbook airs and macbook pros.

Thank you in advance for your time


Honored Contributor II
Honored Contributor II

From a technical perspective, there's a policy option to run updates or the softwareupdate command-line tool with various options.

Casper can go from gently nagging users right up to forcibly kicking them off the Mac, installing and rebooting.

So you can choose the method that you feel most appropriate to your users.

I find a bit of nagging, followed by the stricter approach works, particularly if there are compliance or regulatory conditions you must meet.

Contributor II

+1 on the softwareupdate command.

I use the download all option first then kick off the installation at a later time.

Valued Contributor II

+2 software update command.

We are forcing the updated with a rolling 7 days. Do it on your own ASAP or within 7 days you Mac will reboot in the middle of the most important meeting in your life : )