How to update MacOS Big Sur on Intel and M1 Mac's (minor and mayor updates)

New Contributor II

Hi y'all,

Could someone point me in the right direction for updating our Mac's?

We are integrating a newly aquired company which had a pretty relaxed IT policy: there was no update management for MacOS devices.

They used Intune which, in my understanding, there is now way to force updates on a Mac.

So what they did to keep the Mac's updated was to change the compliance policy regulary to only allow access to the environment from updated Mac's. This is our opinion not the most user friendly way.

Now we purchased a couple of Jamf Pro licenses and 2 MacBook Pro's (1 Intel and 1 M1) to test update management with Jamf Pro.

Couple of years ago I used Jamf Pro at one of my former employers.

For our users we blocked the option to update their own Mac's and only we could distribute the updates.

All seems changed and my former update strategy does not work anymore. Tried the instructions from the Jamf Pro site but both for minor and for mayor updates fails.

How do you guys distribute the minor and mayor updates? We are using a mix of Intel's and M1's.


Contributor II

Yes, I am. The mass action command  for minor updates fails with the error: "The remote command failed to send". When trying to update by the mayor way, so with full Big Sur App distribution, the update fails because Rosetta 2 is active. Terrible situation. Hope you could give us more details about your approach. Are you using composer or using the Big Sur installer way?

Is your Jamf on-prem or cloud? I deploy updates based on whether it's a minor or major update. For minor updates, it's best to deploy via policy scoped to a smart group (use the Mac OS patch management criteria) For major updates, I script the download of the OS and scope to a smart group based on the Mac OS version. I use the command /usr/sbin/softwareupdate --fetch-full-installer --full-installer-version 11.4.0

But, up to you if you want to upload the OS installer package.

Thanks for sharing. Are you managing M1 Mac's? The Mass Action Command is now sending right, but there will nothing happen on the Mac. 

We have a few M1 macs that we deployed but I haven't pushed any updates to them. At the moment, I'm letting the users decide when to update their Macs. 

New Contributor II

What I don't understand about the mass action command is how does that work in the real world? Someone could be working on a project and then BOOM their laptop will kick them out and start updating for 35 minutes? Am I missing something with how that works? Basically in my situation, we have students as standard users so in the past we would have them update from Self Service. I just asked a rep how to do this and the answer was "let me get this escalated." ....really? Isn't this like the most basic usage scenario as an MDM? I am continually astounded at Jamf's response to such simple questions. Is it Jamf or is it all Apple's fault?

What package do you use when using Patch Management for OS updates? Where do you download the delta updates?
Just for updating 11.5.2 to 11.6 it would be to much to download the full-installer and deploy that.

Regarding to the following article the Delta Update size for 11.6 is 2,44GB. When you download the Installassistant.pkg it's 12,44GB.

Contributor II

My org, we deploy through a policy using the Mac OS patch management in conjunction with a smart group. You can package the OS updates yourself and upload to Jamf into the patch management. 

We package the update in Self Service using this script: 

This can either install an upgrade in place or if on 10.15 or above can perform an erase and wipe where the unit is freshly wiped and has the latest OS installed with one click.  (For this option I just make it a specific policy command that must be triggered from terminal.


There are a ton of options now though and going forward with M1's there are some new twists as well.

Gabe Shackney
Princeton Public Schools