Jamf Nation Community

hwjhartmann · ‎06-04-2020

I've seen a couple of old threads regarding ways of enforcing macOS security updates but not much for the recent version of Jamf Pro 10.x

We are exploring the use of Patch Management currently. Does anyone have any best practice recommendations on enforcing devices to update to the latest critical or security updates on macOS when they are released?

Stubakka · ‎06-25-2020

I use a Profile to enforce Apple updates with a deferral also so make it easier on the users incase its a bad time.

You can also use a config profile to do this. But I like having the deferral because it will show a message on screen etc.

richardedmond · ‎01-13-2021

Hello,
I know this is old but I have the same question as the original poster... How do we only address and enforce only the security updates? Not all major OS updates.

This is such a great resource ... thank you everyone who helps others.

shalas · ‎02-16-2022

I would also like to know this. Updates seem to be a bit of a mess lately. There are some threads mentioning new things coming (no timeline though) and the general rule seems to be MDM commands, but, you can only update to specific OS versions (only very recent ones too) and nothing specific to security updates.

donjakubczak · ‎04-09-2022

Instead of using the Software Update configure process couldn't you instead configure the Files & Processes to use:

softwareupdate -i -r

which should just look for security updates.
Then also configure Restart Options to restart if needed for both when a user is logged in or not and give them a certain time to save files prior to restarting?

JoAnneB · ‎01-12-2023

For the Profile Software update policy, I know we can customize the user interaction message but can we be able to add any personal logo on that?

Cmolina001 · ‎02-01-2023

this may be a dumb question but how do I get apple software update server to be an option. its not in our environment

Jamf Nation Community

Enforcing macOS security updates