macOS Big Sur to macOS Sonoma out-of-box experience.

BriBri210786
New Contributor

I have around 30 MacBook Air computers which were shipped with macOS Big Sur. I was thinking of creating a static computer group and add the serial number for those MacBooks so that I could then add them to a policy which updates the software from macOS Big Sur to macOS Sonoma when the user logs in. 

Is this possible? The devices I have are PreStage enrolled for ADE. 

I'm still early in learning more about JAMF so if anyone had some advise or direction on how to go about this that would be greatly appreciated. 

The use case is that just now if we give one of these to a user it will enrol on Big Sur which is unsupported. Is there a better way? Can we upgrade them to Big Sur then erase the MacBook so it then enrols and installs macOS when next user logs in? As far as I'm led to believe this would install macOS Big Sur again as this is what the device was shipped with. 

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@BriBri210786 If these are M1 MacBook Airs that you have in hand simply use Apple Configurator 2 to do a  DFU Restore with the latest version of the macOS Sonoma .ipsw image before sending to users. Total time to re-image the Mac is around 10 minutes.

For a list of available .ipsw files see: https://mrmacintosh.com/apple-silicon-m1-full-macos-restore-ipsw-firmware-files-database/

For instructions on how to do a DFU Restore see: https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/

(With thanks to @ClassicII for that site)

View solution in original post

4 REPLIES 4

AJPinto
Honored Contributor III

If your Macs are Apple Silicon, you cannot run OS updates on them with a policy. This is an Apple intended "limitation". MacOS updates are less about the MDM (Jamf) and more about what Apple allows admins to do. I would suggest updating these devices before trying to deploy them to users. It's just a bad experience to get a new device, get logged in and have 2hrs to update, and deal with IT for any troubleshooting needed. 

 

Apple Silicon Macs Options:

  • Give your users admin access to handle the OS updates themselves 
    • The user experience: Totally out of the box apple curated. 
    • Note: Major OS updates require Admin access.
  • Use an MDM Command to deploy the OS updates
    • The user experience: User will receive a notification from macOS that OS updates are being scheduled to install by the administrator, and it will provide the date/time that the OS updates will install.
    • Note: Until macOS 14 which moved OS updates to use DDM, the MDM Command OS updates have about a 30% failure rate (Apple poor designed workflows).

 

If you have Intel Macs Options:

  • You can run sudo softwareupdate -aiR from a policy on whatever trigger you want.
    • The user experience: The user won't see anything happen, and the device will force reboot when the OS updates are ready without any warning.
    • Note: You cannot separate the reboot from the OS update install process as the OS updates require a bootstrap token to authorize which can only come from the software update binary.
  • You can use the processes above with Apple Silicon with the same user experiences and comments. 

 

TLDR; Apples general direction is you use DDM/MDM commands to issue OS updates, which Jamf deploys as a management command with no option to use a policy. Or you don't manage OS updates at all and let users do their own thing.

sdagley
Esteemed Contributor II

@BriBri210786 If these are M1 MacBook Airs that you have in hand simply use Apple Configurator 2 to do a  DFU Restore with the latest version of the macOS Sonoma .ipsw image before sending to users. Total time to re-image the Mac is around 10 minutes.

For a list of available .ipsw files see: https://mrmacintosh.com/apple-silicon-m1-full-macos-restore-ipsw-firmware-files-database/

For instructions on how to do a DFU Restore see: https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/

(With thanks to @ClassicII for that site)

obi-k
Valued Contributor II

Was thinking of this route too. If you hand the customer a Big Sur Mac and wait for them to update, what if they don't or take too long to upgrade?

I was thinking of a bootable hard drive installer to save time if these MacBook Airs allowed it.

https://support.apple.com/en-us/101578

Keith_L
New Contributor III

You can't Add Serial numbers into a Static Group (if device yet to be enrolled).

But you can add them into a Smart Group, manually entering each serial number.