Compliance on supported macOS version

theilgaard
New Contributor

I'm trying to create a compliance policy on supported macOS version, where I would support Catalina and Big Sur, but only in the latest incarnations.

 

Right now that would be:

Big Sur 11.5.1 (maybe also 11.5.0)

Catalina 10.15.7 (but that number do not have the latest security update from July 2021 in it, so I need something better for Catalina).

And what about Mojave?

 

If a machine is running Catalina or Mojave, I will not red-flag it, if it is on the latest and greatest security update. And for Big Sur the security content of 11.5.1 is so important I want to read flag anyone that did not update to build 20G80 (11.5.1).

 

I prefer a script that could somehow automatically flag for me what I would support?

I can't find a place only to compare macOS version to, to know if I'm on the latest, and for Catalina (and Mojave) I do not even know what else to compare to in order to know if the latest security update was applied.

 

4 REPLIES 4

remyb
Contributor

You could take a look at jamf patch management. It has all the different macos versions, including their build number. And they are updated relatively quickly after macos updates are released. You could then build a smart group based on patch management versions.

Thank you for a fast reply. This is a great suggestion, but I was more into something that I would later report back from the device, so more like a script.

But I will try this first.

If anyone have a script for this, I would prefer that…

Jason33
Contributor III

Use Smart Groups and Patch Management, like @remyb suggested.  I also take it a step further and have email alerts for the Smart Group membership changes.  I had to provide daily updates on how many of our Big Sur machines were updated to 11.5.1, so having that info readily available was great.

Thank you! 

My idea was that I somehow could know what the latest build was and the second latest. What if I use the software update delay, then I might want to allow the second latest build in order to be compliant.

It seems Apple is not making this wish very easy…