macOS updates / ScheduleOSUpdate command

1. Softwareupdates cannot be deployed with a configuration profile. You would use a configuration profile to set softwareupdate deferrals or configure automatic updates.
2. JAMF Splits the MDM Commands for Software Updates. Some like installASAP are available in the inventory record, others like MaxUserDeferrals (InstallForceRestart) and come only from mass action's. 
   1. Softwareupdate Scan, Softwareupdate status and some of the others happen automatically without you needing to do anything when you issue the other MDM commands.
3. Unfortunately you cant, JAMF does not have any method to see issued and completed MDM commands other chan checking each device individually.
4. I exclusively use the MDM commands to issue software updates now. Other use superman or nudge, but since those tools actually cannot do anything other than pester the user to do the thing I dont bother with them. 
   1. My work flow
      
      • A policy runs a script on my devices every day. If there are OS updates available it prompts the user with JAMF Helper and opens System Settings > Software Update. If there are no updates it just exits, we have a 7 day defer. This usually gets about 50% of my users to update
      • 21 days after the OS updates release I push a MaxUserDeferrals mass action with 2 deferrals. Unfortunately MDM commands have about a 30% fail rate, and there is no logging or reporting you can really use. We will usually be around 90% at this point which is compliant for my organization, they want above 95% but 90% will keep you off reports.
      • At 30 days I will send notifications to the stragglers advising if their device is not updated it will start to receive software restrictions due to being out of compliance. 
      • at 35 days I target all devices not running the OS we want with software restrictions and force quit all the core apps with notifications to run OS updates. This is usually online devices, and maybe less than 10 devices with actual issues. Make the users come to me.

Your last question. Software Update Servers are depreciated as of 4 years ago or so. The best you can to is configure content caching which is where Macs will cache the OS updates for other Macs, this is literally just a check box and you have no control beyond that. All OS updates must come directly from Apple, you cannot house them on an internal OS update server anymore.

some literature if you are interested. 

macOS Upgrades and Updates Using a Mass Action Command - Technical Paper: Deploying macOS Upgrades and Updates with Jamf Pro 10.34.0 or Later | Jamf

ScheduleOSUpdateCommand.Command.UpdatesItem | Apple Developer Documentation

Get the OS Update Status | Apple Developer Documentation

1. Softwareupdates cannot be deployed with a configuration profile. You would use a configuration profile to set softwareupdate deferrals or configure automatic updates.
2. JAMF Splits the MDM Commands for Software Updates. Some like installASAP are available in the inventory record, others like MaxUserDeferrals (InstallForceRestart) and come only from mass action's. 
   1. Softwareupdate Scan, Softwareupdate status and some of the others happen automatically without you needing to do anything when you issue the other MDM commands.
3. Unfortunately you cant, JAMF does not have any method to see issued and completed MDM commands other chan checking each device individually.
4. I exclusively use the MDM commands to issue software updates now. Other use superman or nudge, but since those tools actually cannot do anything other than pester the user to do the thing I dont bother with them. 
   1. My work flow
      
      • A policy runs a script on my devices every day. If there are OS updates available it prompts the user with JAMF Helper and opens System Settings > Software Update. If there are no updates it just exits, we have a 7 day defer. This usually gets about 50% of my users to update
      • 21 days after the OS updates release I push a MaxUserDeferrals mass action with 2 deferrals. Unfortunately MDM commands have about a 30% fail rate, and there is no logging or reporting you can really use. We will usually be around 90% at this point which is compliant for my organization, they want above 95% but 90% will keep you off reports.
      • At 30 days I will send notifications to the stragglers advising if their device is not updated it will start to receive software restrictions due to being out of compliance. 
      • at 35 days I target all devices not running the OS we want with software restrictions and force quit all the core apps with notifications to run OS updates. This is usually online devices, and maybe less than 10 devices with actual issues. Make the users come to me.

Your last question. Software Update Servers are depreciated as of 4 years ago or so. The best you can to is configure content caching which is where Macs will cache the OS updates for other Macs, this is literally just a check box and you have no control beyond that. All OS updates must come directly from Apple, you cannot house them on an internal OS update server anymore.

some literature if you are interested. 

macOS Upgrades and Updates Using a Mass Action Command - Technical Paper: Deploying macOS Upgrades and Updates with Jamf Pro 10.34.0 or Later | Jamf

ScheduleOSUpdateCommand.Command.UpdatesItem | Apple Developer Documentation

Get the OS Update Status | Apple Developer Documentation

1. Softwareupdates cannot be deployed with a configuration profile. You would use a configuration profile to set softwareupdate deferrals or configure automatic updates.
2. JAMF Splits the MDM Commands for Software Updates. Some like installASAP are available in the inventory record, others like MaxUserDeferrals (InstallForceRestart) and come only from mass action's. 
   1. Softwareupdate Scan, Softwareupdate status and some of the others happen automatically without you needing to do anything when you issue the other MDM commands.
3. Unfortunately you cant, JAMF does not have any method to see issued and completed MDM commands other chan checking each device individually.
4. I exclusively use the MDM commands to issue software updates now. Other use superman or nudge, but since those tools actually cannot do anything other than pester the user to do the thing I dont bother with them. 
   1. My work flow
      
      • A policy runs a script on my devices every day. If there are OS updates available it prompts the user with JAMF Helper and opens System Settings > Software Update. If there are no updates it just exits, we have a 7 day defer. This usually gets about 50% of my users to update
      • 21 days after the OS updates release I push a MaxUserDeferrals mass action with 2 deferrals. Unfortunately MDM commands have about a 30% fail rate, and there is no logging or reporting you can really use. We will usually be around 90% at this point which is compliant for my organization, they want above 95% but 90% will keep you off reports.
      • At 30 days I will send notifications to the stragglers advising if their device is not updated it will start to receive software restrictions due to being out of compliance. 
      • at 35 days I target all devices not running the OS we want with software restrictions and force quit all the core apps with notifications to run OS updates. This is usually online devices, and maybe less than 10 devices with actual issues. Make the users come to me.

Your last question. Software Update Servers are depreciated as of 4 years ago or so. The best you can to is configure content caching which is where Macs will cache the OS updates for other Macs, this is literally just a check box and you have no control beyond that. All OS updates must come directly from Apple, you cannot house them on an internal OS update server anymore.

some literature if you are interested. 

macOS Upgrades and Updates Using a Mass Action Command - Technical Paper: Deploying macOS Upgrades and Updates with Jamf Pro 10.34.0 or Later | Jamf

ScheduleOSUpdateCommand.Command.UpdatesItem | Apple Developer Documentation

Get the OS Update Status | Apple Developer Documentation

Hello,

Do you have any examples of your script you run for "

• A policy runs a script on my devices every day. If there are OS updates available it prompts the user with JAMF Helper and opens System Settings > Software Update. If there are no updates it just exits, we have a 7 day defer. This usually gets about 50% of my users to update"

1. Softwareupdates cannot be deployed with a configuration profile. You would use a configuration profile to set softwareupdate deferrals or configure automatic updates.
2. JAMF Splits the MDM Commands for Software Updates. Some like installASAP are available in the inventory record, others like MaxUserDeferrals (InstallForceRestart) and come only from mass action's. 
   1. Softwareupdate Scan, Softwareupdate status and some of the others happen automatically without you needing to do anything when you issue the other MDM commands.
3. Unfortunately you cant, JAMF does not have any method to see issued and completed MDM commands other chan checking each device individually.
4. I exclusively use the MDM commands to issue software updates now. Other use superman or nudge, but since those tools actually cannot do anything other than pester the user to do the thing I dont bother with them. 
   1. My work flow
      
      • A policy runs a script on my devices every day. If there are OS updates available it prompts the user with JAMF Helper and opens System Settings > Software Update. If there are no updates it just exits, we have a 7 day defer. This usually gets about 50% of my users to update
      • 21 days after the OS updates release I push a MaxUserDeferrals mass action with 2 deferrals. Unfortunately MDM commands have about a 30% fail rate, and there is no logging or reporting you can really use. We will usually be around 90% at this point which is compliant for my organization, they want above 95% but 90% will keep you off reports.
      • At 30 days I will send notifications to the stragglers advising if their device is not updated it will start to receive software restrictions due to being out of compliance. 
      • at 35 days I target all devices not running the OS we want with software restrictions and force quit all the core apps with notifications to run OS updates. This is usually online devices, and maybe less than 10 devices with actual issues. Make the users come to me.

Your last question. Software Update Servers are depreciated as of 4 years ago or so. The best you can to is configure content caching which is where Macs will cache the OS updates for other Macs, this is literally just a check box and you have no control beyond that. All OS updates must come directly from Apple, you cannot house them on an internal OS update server anymore.

some literature if you are interested. 

macOS Upgrades and Updates Using a Mass Action Command - Technical Paper: Deploying macOS Upgrades and Updates with Jamf Pro 10.34.0 or Later | Jamf

ScheduleOSUpdateCommand.Command.UpdatesItem | Apple Developer Documentation

Get the OS Update Status | Apple Developer Documentation