Skip to main content
Question

Compliance on supported macOS version

  • August 5, 2021
  • 4 replies
  • 33 views
theilgaard
Forum|alt.badge.img+5

I'm trying to create a compliance policy on supported macOS version, where I would support Catalina and Big Sur, but only in the latest incarnations.

 

Right now that would be:

Big Sur 11.5.1 (maybe also 11.5.0)

Catalina 10.15.7 (but that number do not have the latest security update from July 2021 in it, so I need something better for Catalina).

And what about Mojave?

 

If a machine is running Catalina or Mojave, I will not red-flag it, if it is on the latest and greatest security update. And for Big Sur the security content of 11.5.1 is so important I want to read flag anyone that did not update to build 20G80 (11.5.1).

 

I prefer a script that could somehow automatically flag for me what I would support?

I can't find a place only to compare macOS version to, to know if I'm on the latest, and for Catalina (and Mojave) I do not even know what else to compare to in order to know if the latest security update was applied.

 

    4 replies

    R
    Forum|alt.badge.img+7
    • remyb
    • Contributor
    • August 5, 2021

    You could take a look at jamf patch management. It has all the different macos versions, including their build number. And they are updated relatively quickly after macos updates are released. You could then build a smart group based on patch management versions.

      theilgaard
      Forum|alt.badge.img+5
      • theilgaard
      • Author
      • Jamf Heroes
      • August 6, 2021

      You could take a look at jamf patch management. It has all the different macos versions, including their build number. And they are updated relatively quickly after macos updates are released. You could then build a smart group based on patch management versions.


      Thank you for a fast reply. This is a great suggestion, but I was more into something that I would later report back from the device, so more like a script.

      But I will try this first.

      If anyone have a script for this, I would prefer that…

      Jason33
      Forum|alt.badge.img+13
      • Jason33
      • Honored Contributor
      • August 6, 2021

      Use Smart Groups and Patch Management, like @remyb suggested.  I also take it a step further and have email alerts for the Smart Group membership changes.  I had to provide daily updates on how many of our Big Sur machines were updated to 11.5.1, so having that info readily available was great.

      theilgaard
      Forum|alt.badge.img+5
      • theilgaard
      • Author
      • Jamf Heroes
      • August 11, 2021

      Use Smart Groups and Patch Management, like @remyb suggested.  I also take it a step further and have email alerts for the Smart Group membership changes.  I had to provide daily updates on how many of our Big Sur machines were updated to 11.5.1, so having that info readily available was great.


      Thank you! 

      My idea was that I somehow could know what the latest build was and the second latest. What if I use the software update delay, then I might want to allow the second latest build in order to be compliant.

      It seems Apple is not making this wish very easy…

      Terms & ConditionsCookie settingsAccessibility statement