Hi, All :)
I want to restrict updates for macOS Ventura at version 13.2.1 and prevent further updates. I have been using a 90-day restriction policy, but it expired yesterday, and the restriction was lifted. I'm wondering if anyone has a specific method to restrict minor updates.
Be aware that because there are two different versions of macOS 13.4.1 (Build 22F82 is for all Macs prior to the Mid 2023 models, and Build 22F2083 is for Mid 2023 Macs only) using a minor version update deferral will trigger a "The base build is not compatible for this install method." error from Software Update on pre-Mid 2023 machines because it will defer the 22F82 update but then try to process the 22F2083.
That may depend on if your organization views having an up to date macOS installation is more important than having a so-called "Security" tool installed. Hopefully it's no longer the case, but there have been instances in the past where "Security" vendors have taken more than 90 days to release an update to their software which was compatible with a new version of macOS.
You'd hope so. There was one security vendor whose tool broke with macOS 13.4 because Apple increased the size of a buffer. When hey were initially advised of the problem they replied it would be a month before they released a fix as part of their regular release schedule. It was only after multiple customers complained that they agreed to provide hot fixes for existing releases, and even those didn't appear until the week after Apple released 13.4.
Thanks @sdagley for commenting on this thread. I have been struggling with this and the explanation makes sense. Definitely rolled my eyes when I saw the two different builds on Mr. Macintosh drop last month. I can see both sides of the argument here, but really what has happened is Apple has broken a working process for managing security updates with these two builds. It is clearly a bit of an issue when even vendors like Jamf are not able to keep up with these kinds of breaking changes in "minor" updates. I personally do not believe splitting your build/release train in a minor release, but then again I hold many things the wrong way and make up for it with rigorous testing and help from people like all of you. Thanks again.