I've seen a couple of old threads regarding ways of enforcing macOS security updates, but not much for the recent version of Jamf Pro 10.x.
We are exploring the use of Patch Management currently. Does anyone have any best practice recommendations on enforcing devices to update to the latest critical or security updates on macOS when they are released?
I would also like to know this. Updates seem to be a bit of a mess lately. There are some threads mentioning new things coming (no timeline though) and the general rule seems to be MDM commands, but you can only update to specific OS versions (only very recent ones too) and nothing specific to security updates.
Instead of using the Software Update configure process, couldn't you instead configure the Files & Processes to use:
softwareupdate -i -r
which should just look for security updates.
Then also configure Restart Options to restart if needed for both when a user is logged in or not and give them a certain time to save files prior to restarting?
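Added example, not part of the thread and not Jamf's own code: a pre-flight check that a policy script could run before `softwareupdate -i -r`, parsing `softwareupdate -l` output to show which pending updates `-r` would select (those marked `Recommended: YES`) and whether any of them needs a restart. The function names and the sample output are constructed, and the parser assumes the `Label:`/`Title:` list layout printed by recent macOS releases.

```shell
#!/bin/bash
# Classify pending macOS updates from `softwareupdate -l` output.
# Assumption: the "* Label:" / "Title:" layout; older releases print another format.

# Constructed sample output so the script also runs off a Mac.
sample_list() {
cat <<'EOF'
Software Update found the following new or updated software:
* Label: Security Update 2099-001
    Title: Security Update 2099-001, Version: 10.15.7, Size: 1500000K, Recommended: YES, Action: restart,
* Label: Safari99.0
    Title: Safari, Version: 99.0, Size: 70000K, Recommended: YES,
* Label: ExampleFirmware-1.0
    Title: Example Firmware, Version: 1.0, Size: 2000K, Recommended: NO,
EOF
}

# Read a listing on stdin, print "label|recommended|restart" per update.
parse_updates() {
  awk '
    /^\* Label: / { label = $0; sub(/^\* Label: /, "", label); next }
    /Title: / && label != "" {
      rec = ($0 ~ /Recommended: YES/) ? "yes" : "no"
      rst = ($0 ~ /Action: restart/) ? "yes" : "no"
      print label "|" rec "|" rst
      label = ""
    }'
}

# Number of updates that `-r` would pick up.
count_recommended() {
  parse_updates | awk -F'|' '$2 == "yes" { n++ } END { print n + 0 }'
}

# Exit 0 if any recommended update needs a restart, 1 otherwise.
restart_needed() {
  parse_updates | awk -F'|' '$2 == "yes" && $3 == "yes" { f = 1 } END { exit (f ? 0 : 1) }'
}

# Use the real tool when present, the constructed sample otherwise.
if command -v softwareupdate >/dev/null 2>&1; then
  list=$(softwareupdate -l 2>&1)
else
  list=$(sample_list)
fi
echo "Recommended updates pending: $(printf '%s\n' "$list" | count_recommended)"
if printf '%s\n' "$list" | restart_needed; then
  echo "Restart required: the policy's Restart Options will apply."
fi
```

The script only lists and reports; the install step and the restart behaviour stay in the policy itself.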