Posted on 10-18-2023 04:58 PM
Hello all,
We're working on forcing updates on our fleet and it seems the best way to do this reliably or at least with some feedback is via the managed-software-updates API (
POST .../api/v1/managed-software-updates/plans
. This at least provides us with variable options, including groups via single machines (which we use to test), as well as feedback as to what's happening to the machines
GET .../api/v1/managed-software-updates/plans?page=0&page-size=20&sort=planUuid%3Aasc'
However I have a few questions:
Thanks for any help! We are at the point in our fleet that a lot of users just flat out refuse to acknowledge our requests for them to update so we're looking for the best way to "force" it without necessarily having to force immediate reboots (but we've been given clearance from security and c-suite to do so if a security threat becomes big enough). Efforts taken via other Jamf methods either don't seem to go through, or don't give us reasoning if not. I'm sure the new SoftwareUpdates section will be amazing in the future, but right now the commands just seem to float off into the void.
Nate
Posted on 10-18-2023 07:49 PM
You need a bootstrap token escrowed. This is possible to do when the computer is enrolled via DEP/ADE. For user initiated enrollment, this is usually not the case (search Google, JAMF docs etc for more info). Personally, I'd look at DDM configured updates and set a specific deadline which is available in macOS 14 combined with JAMF Pro 11 as my best bet going forward. If you haven't seen that in other threads already, enforcing macOS and iOS updates is a flaky and unreliable task/process since almost forever. This is mainly an Apple and not a JAMF problem though, at least these days as JAMF has improved the software update handling code.