macOS 12 - macOS Monterey

mattmghost
New Contributor II

Apple just announced macOS Monterey (macOS 12) earlier today. Make sure to block the beta installer for everyone except your testing machines. Restrict the following process:

Install macOS Monterey Beta.app

40 REPLIES

bradtchapman
Valued Contributor II

I'd also suggest "Install macOS Beta.app" in case the SWE team didn't know the name of the OS prior to building the first beta.

DBrowning
Valued Contributor II

Install macOS 12 Beta.app

ssmurphy
New Contributor III

Looks like

Install macOS 12 Beta.app

is the string to block

sdagley
Esteemed Contributor II

If you block the process named "InstallAssistant" that should block any variant of the "Install macOS..." app

mm2270
Legendary Contributor III

I already block the InstallAssistant process, so we might be ok, but I'll be adding in a new "Install macOS 12 Beta.app" Restricted Software item just in case.

As an aside, it seems Apple is now going to jump the main version number with each new OS release. We went from many years of 10.x.x versions to 11.x last year and now 12.x. It will be interesting to see if they continue with that numbering convention for the long haul.

sdagley
Esteemed Contributor II

I hope so. That might mean we actually get update releases of macOS Big Sur with incremented version numbers once macOS Monterey ships rather than the innumerable Builds there have been for macOS Catalina 10.15.7

mm2270
Legendary Contributor III

@sdagley Hmm, I don't necessarily see how that would mean Apple would ship further Big Sur incremental updates after Monterey ships. I mean, there was literally nothing technical stopping Apple from releasing a macOS 10.15.8 or 10.15.9 point release after Big Sur came out, was there? This is just SOP for Apple. Move on to the new OS and forget about the old one. macOS Big what? Never heard of it!
Of course, in reality they have committed to an N-2 support model, so they still need to provide updates to Big Sur and Catalina once Monterey ships, but they really don't like anyone to focus on that. Hence the boring old build updates and not incremental version updates, if you ask me. Just my 2¢.

sdagley
Esteemed Contributor II

That's why I said "might". Sometimes I feel like Apple PR is as involved in the release process as Engineering, and doesn't like seeing large version numbers, or rapid changes in them. That could explain the 14.0.3 and 14.1 versions of Safari where there were two releases of each but the CFBundleShortVersionString wasn't changed despite a new build number, or the re-release of Catalina Security Update 2021-001 instead of progressing to version 2021-002 like they did for Mojave to pick up the sudo fix from the Catalina Supplemental Security Update.

bradtchapman
Valued Contributor II

@mm2270, check Slack.

mschroder
Valued Contributor

@mm2270 Do you have a pointer to anything that shows that Apple commits to support the N-2 model? As far as I remember Apple does not commit to anything with respect to supporting its OS. From what we see we can deduce that for the time being they do support N-2, but having a commitment would be nice.

I also have some hope that we get reasonable minor update numbering in the future, instead of the horrible Security Update numbering and additional Security Updates.

snowfox
Contributor III

As far as I know macOS now follows the same naming convention as their other OS's, iOS, tvOS, iPadOS, watchOS. So it will increment every year with a major release number just like iOS. I don't know about minor increments for 11.x.x once 12 comes out. Look to what iOS does regarding previous versions and it's a good bet macOS will do the same going forward. That was the whole point of changing the numbering convention to match iOS etc. @mschroder There is no N-2 documentation that I am aware of. We simply know based on what OS versions new patches and security releases are released for, currently 11.x.x, 10.15 and 10.14. Once 12.x.x comes out you will most likely see 10.14 security patch releases stop. Apple want everyone using the latest version of their OS every year.

LeeRahn
New Contributor

You can also restrict macOSDeveloperBetaAccessUtility.pkg so that the end user does not see Monterey.

mhasman
Valued Contributor

What is the best practice, please? Can a few names of the process to restrict be added to the Process Name field? Like:

"Install macOS Beta.app", "macOSDeveloperBetaAccessUtility.pkg", "Install macOS 12 Beta.app"

Or should each one of those above be added as a separate restricted software record?

Thanks!


sdagley
Esteemed Contributor II

You can't restrict multiple processes like that. Simply blocking "InstallAssistant" will prevent the installer GUI from running with all recent versions of the macOS release and beta installers.

mm2270
Legendary Contributor III

@mhasman Only one process can be added per Restricted Software title.

I would just add InstallAssistant and Install macOS 12 Beta.app. Those should be enough.

mhasman
Valued Contributor

@sdagley , @mm2270 Thank you! I can not block "InstallAssistant" cuz some Macs still should be upgraded to Catalina... There is a little delay with pandemic

sdagley
Esteemed Contributor II

@mhasman If you're using a script like macOSUpgrade or erase-install to initiate a Catalina upgrade from Self Service then blocking "InstallAssistant" won't prevent them from running.

gachowski
Valued Contributor II

@mschroder

I am 98% sure it was said during a Keynote, just like upgrades every year... 100% sure Tim said that!!! However I don't disagree with your "vibe"... There are many times where Apple has said one thing and done something else... :)


dcgagne
Contributor

I'd probably want a second pair of eyes to double check my shaky regex, but here is a string to identify devices incompatible with Monterey using the model identifier criteria:

^(iMac[1-9],|iMac1[0-4],[0-4]|MacBook[1-8],|MacBookAir[1-6],|MacBookPro[1-9],|MacBookPro1[0-1],[0-3]|Macmini[1-6],|MacPro[1-5],)

MacMaul
New Contributor II

According to everymac.com, iMac15's aren't supported on Monterey either, so I updated your regex to include them:

^(iMac[1-9],|iMac1[0-5],|MacBook[1-8],|MacBookAir[1-6],|MacBookPro[1-9],|MacBookPro1[0-1],[0-3]|Macmini[1-6],|MacPro[1-5],)
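A quick way to get the "second pair of eyes" on these two patterns is to run both against a list of model identifiers and see which classifications differ. This is an added example, not code from either poster; the sample identifiers are constructed around the numeric ranges in the patterns, and it assumes the smart-group regex engine treats these basic constructs the same way Python's `re` does.

```python
import re

# Patterns copied verbatim from the two posts above.
DCGAGNE = r"^(iMac[1-9],|iMac1[0-4],[0-4]|MacBook[1-8],|MacBookAir[1-6],|MacBookPro[1-9],|MacBookPro1[0-1],[0-3]|Macmini[1-6],|MacPro[1-5],)"
MACMAUL = r"^(iMac[1-9],|iMac1[0-5],|MacBook[1-8],|MacBookAir[1-6],|MacBookPro[1-9],|MacBookPro1[0-1],[0-3]|Macmini[1-6],|MacPro[1-5],)"

# Constructed sample inventory: identifiers sitting on either side of each
# numeric range in the patterns, plus two that only look similar.
SAMPLES = [
    "iMac9,1", "iMac14,4", "iMac15,1", "iMac16,2", "iMac19,1", "iMacPro1,1",
    "MacBook8,1", "MacBook9,1", "MacBookAir6,2", "MacBookAir7,2",
    "MacBookPro9,2", "MacBookPro10,2", "MacBookPro11,3", "MacBookPro11,4",
    "MacBookPro12,1", "Macmini6,2", "Macmini7,1", "MacPro5,1", "MacPro6,1",
    "VMware7,1",
]


def excluded(pattern, identifiers):
    """Identifiers the pattern flags, i.e. members of the smart group."""
    rx = re.compile(pattern)
    return [m for m in identifiers if rx.search(m)]


def changed(old, new, identifiers):
    """Identifiers whose classification differs between two patterns."""
    return sorted(set(excluded(old, identifiers)) ^ set(excluded(new, identifiers)))


def unanchored(pattern):
    """Same pattern without the leading ^, to show what the anchor prevents."""
    return pattern.lstrip("^")


if __name__ == "__main__":
    print("flagged by updated pattern:", excluded(MACMAUL, SAMPLES))
    print("differs between the two   :", changed(DCGAGNE, MACMAUL, SAMPLES))
    # Without ^, "MacPro[1-5]," matches inside "iMacPro1,1".
    print("extra hits without ^      :",
          sorted(set(excluded(unanchored(MACMAUL), SAMPLES))
                 - set(excluded(MACMAUL, SAMPLES))))
```

Feeding it an export of the real Model Identifier values from inventory, instead of the constructed list, shows exactly which machines a regex change would move in or out of the group before the smart group is edited.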

 

glennmiller
New Contributor III

I don't understand why no one has pointed out the Software Update configuration profile that doesn't allow betas??
Does it not work for you? Works perfectly for us and allows other Major to Major versions.

MatG
Contributor III

@dcgagne I guess this is added to a smart group with Model Identifier and then set as regex?

dcgagne
Contributor

@MatG You got it

Surajit
New Contributor III

Does anyone have an updated version for this EA which supports Monterey ?
jamf_ea_LatestOSSupported.sh

mickl089
Contributor III

Does anybody know how we can block Monterey after release?

DBrowning
Valued Contributor II

@mickl089 You'll be able to add the installer app or the installassistant to your restricted software. You can also use the new softwareupdate profile payloads.

Windbiel
New Contributor II

Is there a way to ignore Monterey when it's released? I don't think 'sudo softwareupdate --ignore "macOS Monterey"' works any more.

praveenraju
New Contributor

Is there a way to block macOS Monterey using a script?

Genesys-AJ
New Contributor

Hello, does anyone know how to block Monterey from the Restrictions Software part? We did this with Big Sur and it worked fine in the past; with Monterey now it does not, and users are able to start the install. As I see, you say we can block the InstallAssistant, but during the start of the upgrade I do not have this in my process list. Second, when we set the restrictions and apply them to all computers, correct me, this is then applied to all in JAMF, right? Sorry, really new to JAMF and learning a lot at the moment.


bradtchapman
Valued Contributor II

Uncheck “restrict exact process name.”

sbrammer
New Contributor III

I am having the same issues as others with blocking Monterey. What did work before with Big Sur is no longer working. I am using restricted software to block the actual Install macOS Monterey.app as well as the InstallAssistant. I also have a policy to ignore, but it does not seem to work like it did when I was blocking Big Sur.

Run Unix command 'sudo softwareupdate --ignore "macOS Monterey"'

The only way I have found is to defer it for 90 days, which I wish they would give a longer time as we are in higher education and only do major upgrades like these in the summer to give us time to test all the software prior.

The --ignore flag for the softwareupdate command has been deprecated by Apple. That's why it does not work anymore (and unlikely to come back anytime soon).

mhasman
Valued Contributor

softwareupdate: unrecognized option `--ignore' 

Exactly. That's the error message that you get when you still try to run it.

Windbiel
New Contributor II

Same as Sbrammer, the only solution right now is the 90-day option within Jamf's Configuration Profile, under Restrictions and Functionality; then scroll down and change Delay software updates for Major updates to the max 90 days. My company's IS team takes like 8 months to approve the new releases.

mhasman
Valued Contributor

That works, thank you @Windbiel!

At least we have 90 days to figure out compatibility with other enterprise IT parts with no users asking "I see Monterey in Software Update, should I install it?"

sbrammer
New Contributor III

Is there a way to defer the update past 90 days? Would be nice to at least have an option for deferring 180 days. Also, will the restricted software option in Jamf still work? Would really not like it to show up at all, so the defer option will be great until the 91st day, then will the restricted software still apply? I haven't tested it yet but will work on that today to find out.

mhasman
Valued Contributor

It works, too; unfortunately, action happens after 12GB downloaded.

mateow
New Contributor

Defer only works for updates not upgrades. (10.15 to 10.15.2 for example)