macOS software updates LOGOUT trigger being removed!!

tcandela
Valued Contributor II

I have macOS updates install on LOGOUT on laptops, and now I see that my logout triggers have a JAMF indication that the LOGOUT trigger is being removed in a future release.

How are you JAMF users installing macOS updates on your enrolled macs?

what trigger(s) are you using?
or you use Self Service?

On iMacs I have macOS updates install on the CHECKIN trigger between certain hours at night when users are not at the iMacs.

10 REPLIES 10

FleetBeat_AMART
New Contributor II

following!

walt
Contributor III

I have seen this on my policies too. If I am understanding it correctly Apple is more or less handling macOS updates but I don't know how that might correlate to logout triggers overall.

kerouak
Valued Contributor

Apple announce a while back that login and logout triggers were being deprecated..

pramodmac
New Contributor III

Jamf Documented here..

https://docs.jamf.com/10.24.1/jamf-pro/release-notes/Deprecations_and_Removals.html

tcandela
Valued Contributor II

I had Mac OS updates install on logout but now it looks like I have to change that trigger I'm trying to see how others are installing these Mac OS updates.

SCCM
Contributor III

Jamfs recommended guide is here: https://docs.jamf.com/best-practice-workflows/jamf-pro/managing-macos-updates/Introduction.html
But i cant get the stuff to work in my environment. I need all the productions machines to all have a deffereal of 90day (incase it breaks third part software), and only for our test machines to update when new minor updates are released. Once all the testing is complete we need to send a mass update command to overide the defferal so users can download and install the update. with the deferals on the machines dont seem to get a update it just says no updates avaliable. Scipts ive found online dont get around it either. Iam not sure if your using anything like the above in your workflow?

user-aWoWcZGFtB
New Contributor

The "Logout" policy trigger will be removed in a future release. 2. Starting with any newer macOS (10.14+) with PPPC/TCC requirements MyAccountAccess they do not allow for these processes to be ran while NOT in the background if they are doing anything that interact with these newly protected areas.

tcandela
Valued Contributor II

i'm probably going to have the updates available via Self Service instead of logout. Just remove the logout trigger and enable it for self service with notification to notify user.

If they have any macOS updates then install them via Self Service or use the system preferences --> software updates interface.

jhuls
Contributor III

One suggestion...https://derflounder.wordpress.com/2019/02/05/providing-access-to-macos-software-updates-via-jamf-pro...

I have not tested this without administration privileges though. It's not perfect because the user must do it. I have users that cancel the updates if they see that it requires a restart. That might be changing soon though.

ladygreyjedi
New Contributor III

I handle macOS updates a little differently, and dont rely on users logging out. They are in patch management: I have two policies, one for the most recent combo update, and one for the most recent security update. I have smart groups that are based on if the device has the combo update or not. Then the policies are scoped to the appropriate patch policy.

I have a policy that is schedule for after hours, which calls script that goes through all of the id numbers for macOS patch policies, referencing the patch id number. The patch id doesn't run if it doesn't have the appropriate combo update or security update. I've reference my script below.

That being said, Big Sur screws that completely up, which is a pain point as we prefer controlling via packages on our distribution point. So we shall see.

#!/bin/sh

########################################################################
#########################   macOS 10.15   ##############################
########################################################################

jamf patch -id 180
#macOS 10.15 - Shore Combo

jamf patch -id 182
#macOS 10.15 - Shore Security

jamf patch -id 181
#macOS 10.15 - Fleet Combo

jamf patch -id 183
#macOS 10.15 - Fleet Security



########################################################################
#########################   macOS 10.14   ##############################
########################################################################

jamf patch -id 170
#macOS 10.14 - Shore Combo

jamf patch -id 184
#macOS 10.14 - Shore Security

jamf patch -id 171
#macOS 10.14 - Fleet Combo

jamf patch -id 185
#macOS 10.14 - Fleet Security

exit 0