Help

Management and Big Sur Security Updates

jschank
Contributor

Posted on ‎05-04-2021 10:19 AM

Does ANYONE have a process to push out Big Sur Security Updates through Jamf?

I tried using Files and Processes within a Policy to no avail. Using Execute Command "softwareupdate -i -a -R" set to Recurring Check-In and then going to client device and running sudo jamf policy. I see the command run but it hangs like it needs authentication.

I am task to enforce the Security Updates due to the latest vulnerabilities.

https://support.apple.com/en-us/HT212335

If anyone has a process please provide info. I would greatly appreciate it.

Reply
9 REPLIES 9

Ken_Bailey
New Contributor III

Posted on ‎05-05-2021 09:53 AM

We are currently leveraging the command.
/usr/sbin/softwareupdate -i -a -R --force
It can take a bit as it then proceeds to download the software before actually kicking it off if it is not already downloaded.

0 Kudos
Reply

nduplessis
New Contributor II

Posted on ‎05-06-2021 12:23 AM

The UX of this is TERRIBLE.

There's absolutely no context for the user to understand what's happening. No matter how you slice this from an admin perspective, your user's Mac is either going to restart right from under them without any warning or you're displaying some shitty Jamf window with a message to defer, which quite frankly floods our support capacity with "Is this malware?!" requests.

Jamf really needs to up their game here

Reply

user-uVIrofrYAp
New Contributor

Posted on ‎05-06-2021 01:33 AM

This mechanism also protects against failed system updates, whose Seal won't match the During early startup, macOS Big Sur checks the Seal on the system. by Apple, and their installation and control is managed by their companion app.

PrepaidCardStatus

0 Kudos
Reply

thomas_moser
New Contributor III

Posted on ‎05-06-2021 03:29 AM

We currently use the script from bp88: https://github.com/bp88/JSS-Scripts/blob/master/AppleSoftwareUpdate.sh

And it works fine for us, of course you may have to tell your users that there is some manual labor from their side too. Since Big Sur/M1 devices are available, to make it work.

Also he has written a nice blog about his new script for Updates over Jamf (a new one, not the above mentioned): https://babodee.wordpress.com/2021/03/30/handling-major-upgrades-and-minor-updates-for-macos-with-jamf/
Maybe this is something you can try

Reply

Matt_Ellis
Contributor II

Posted on ‎05-14-2021 12:06 PM

@thomas.moser Do you use that script for only minor updates. I'm trying to find something I can use that will nag my users to run the updates that only care's about minor updates, not whole macOS upgrades. That works on Catalina, Big Sur, and M1s I will have all my users just use software updates.

0 Kudos
Reply

mschroder
Valued Contributor

Posted on ‎05-17-2021 03:02 AM

@thomas.moser I tried that script and it appears to work for minor updates of pre-Big Sur Macs, but on Big Sur if the user does nothingin the end it will just download the installer, do a reboot - but does not install the update :(

How did you get it to work?

0 Kudos
Reply

k3vmo
Contributor II

Posted on ‎06-01-2021 07:50 AM

Dying to know the above as well ... I'm having the most challenging time getting any method to start the install ...

0 Kudos
Reply

tcandela
Valued Contributor II

Posted on ‎07-07-2021 02:05 PM

has anyone tried a configuration profile with just the 'software update' payload configured?

if so, if the 'software update server' is left blank does it default to Apple?

also, what happens if a user is logged in and an update kicks off? does the user get interrupted with a possible 'restart' out of nowhere?

0 Kudos
Reply

tcandela
Valued Contributor II

Posted on ‎09-21-2021 02:06 PM

anyone get a policy to successfully install the Big Sur updates when they come out? 

11.6 is now the new update for Big Sur - has anyone gotten a policy that installs this?

0 Kudos
Reply