Help

How to restrict minor update

HS
New Contributor

Posted on ‎06-27-2023 08:39 PM

Hi, All :)

I want to restrict updates for macOS Ventura at version 13.2.1 and prevent further updates. I have been using a 90-day restriction policy, but it expired yesterday, and the restriction was lifted. I'm wondering if anyone has a specific method to restrict minor updates.

Thank you 

0 Kudos
Reply
8 REPLIES 8

AJPinto
Honored Contributor III

Posted on ‎06-28-2023 05:07 AM

Its not possible. The max is 90 days. However considering 13.2.1 is a 0 day, along with 13.3.1 and 13.4.1 I would consider getting those updates out ASAP.

0 Kudos
Reply

sdagley
Esteemed Contributor II

Posted on ‎06-28-2023 05:22 AM

Be aware that because there are two different versions of macOS 13.4.1 (Build 22F82 is for all Macs prior to the Mid 2023 models, and Build 22F2083 is for Mid 2023 Macs only) using a minor version update deferral will trigger a "The base build is not compatible for this install method." error from Software Update on pre-Mid 2023 machines because it will defer the 22F82 update but then try to process the 22F2083.

Reply

Samstar777
Contributor II

Posted on ‎06-28-2023 06:26 PM

We can defer an update max for 90 days and I am unsure why you want to further delay the critical updates ? Is there any use case to defer a software update for more than max 90 days ?

0 Kudos
Reply

sdagley
Esteemed Contributor II
In response to Samstar777

Posted on ‎06-28-2023 06:46 PM

That may depend on if your organization views having an up to date macOS installation is more important than having a so-called "Security" tool installed. Hopefully it's no longer the case, but there have been instances in the past where "Security" vendors have taken more than 90 days to release an update to their software which was compatible with a new version of macOS.

0 Kudos
Reply

Samstar777
Contributor II
In response to sdagley

Posted on ‎06-29-2023 10:10 AM

I will agree that few vendors out there could not provide app compatibility for a new macOS major version and but this is not true for minor updates.

0 Kudos
Reply

sdagley
Esteemed Contributor II
In response to Samstar777

Posted on ‎06-29-2023 11:36 AM

You'd hope so. There was one security vendor whose tool broke with macOS 13.4 because Apple increased the size of a buffer. When hey were initially advised of the problem they replied it would be a month before they released a fix as part of their regular release schedule. It was only after multiple customers complained that they agreed to provide hot fixes for existing releases, and even those didn't appear until the week after Apple released 13.4.

0 Kudos
Reply

russell_garriso
New Contributor III

Posted on ‎07-06-2023 01:17 PM

Thanks @sdagley for commenting on this thread. I have been struggling with this and the explanation makes sense. Definitely rolled my eyes when I saw the two different builds on Mr. Macintosh drop last month. I can see both sides of the argument here, but really what has happened is Apple has broken a working process for managing security updates with these two builds. It is clearly a bit of an issue when even vendors like Jamf are not able to keep up with these kinds of breaking changes in "minor" updates. I personally do not believe splitting your build/release train in a minor release, but then again I hold many things the wrong way and make up for it with rigorous testing and help from people like all of you. Thanks again.

0 Kudos
Reply

russell_garriso
New Contributor III

Posted on ‎07-12-2023 02:25 PM

Hit this again with Rapid Security Response. Created new thread to increase visibility: https://community.jamf.com/t5/jamf-pro/the-base-build-is-not-compatible-for-this-install-method/m-p/...

0 Kudos
Reply