Posted on 09-06-2023 08:07 AM
I am testing Software Updates (Beta) in my environment, and I am seeing mixed results.
So, I started with a Monterey 12.6.6 and sent a request to update it to 12.6.7 which was successful. Then I send another request to update the same machine to 12.6.8, locked the machine and left it overnight. The machine did not update. I researched and checked for anything I could find to see if the machine got the instructions. I looked at the install.log and nothing stands out. I ran the update command again, still no update. Can anyone tell me if there is a certain time frame that it waits or a location or command at the machine can be checked. Any help or information would be greatful.
Posted on 09-06-2023 08:37 AM
Software Update via MDM command will not work always and we have seen intermittent issues like this. Hopefully as apple moving Software update to DDM in macOS Sonoma we will have some improvements :-)
09-06-2023 08:57 AM - edited 09-06-2023 08:59 AM
MacOS updates and managing them is absolute hot garbage. At this current point in time don't expect a higher success rate then around 70% without user involvement.
My suggestion is using a Managed AppleID from Apple Business/School Manager and submitting feedback using the feedback app. Then get the Feedback request number, and forward it to your Apple Account Rep. If you have an ACE Agreement also open a ticket with Apple.
Apple is going to tell you to run the Mac Evaluation Tool (located in Apple Seed). If you have any blocked or intercepted traffic showing on the Evaluation Tool, Apple is going to tell you to allow it. Most of Apples traffic does not matter for OS updates. So you will need to do a bit of poking around to see what you actually need, Apple wont spell it out for you unfortunately. JAMF has a similar tool to the Mac Evaluation Tool called Jamf Environment Test. Of course this is assuming you are on prem (or using a VPN), and/or your JAMF instance is hosted by you guys if not you have no control over the network configuration of the network the devices are using.
Some links I found helpful.
https://marketplace.jamf.com/details/jamf-environment-test
https://support.apple.com/guide/deployment/manage-software-updates-depc4c80847a/web
ScheduleOSUpdateCommand.Command.UpdatesItem | Apple Developer Documentation
Posted on 09-06-2023 09:16 AM
Hot garbage is the best description I've seen for the current state of macOS update management. It's amazing how long this has been in such a bad state and still not fixed, or at least more reliable. It never should have been allowed to get to this state by Apple, but here we are.
Posted on 03-22-2024 12:52 PM
IMO if the device is "managed" by an MDM, the MDM administrator should be able to do anything they want on the device and time they want, regardless of whether Apple considers it a restriction for a consumer purchased device. I just want to have our people leave for the weekend with their devices plugged in and locked, and do whatever maintenance I want, and have them ready to go come Monday morning. That's nowhere even close to reality and any major maintenance task is inherently disruptive to the end user during working hours.
Posted on 09-06-2023 11:54 AM
When I was as JNUC last year, a bunch of people were talking about this and it go brought up in a few sessions. Still just as clunky, just added a to option on the left to give it quicker access.
Posted on 03-22-2024 12:46 PM
I am interested in testing this for IOS devices myself. Question, could there be a minimum age set in a configuration profile interfering with whether a certain update gets installed? I know that if this minimum age deferral setting is in place, devices only download up to that age update. Doing a manual update mass command supposedly overrides this setting but maybe it doesn't work that way with managed updates?
Posted on 03-22-2024 12:56 PM
Here's another question. In one of the documents discussing managed updates I see this warning:
Warning:
Enabling the (Beta) managed software updates feature will initiate a record cleanup, which includes clearing any update commands that have previously been deployed from Jamf Pro. You can re-deploy these updates with the (Beta) managed software updates feature. When the new feature is enabled, mass action update commands are disabled.
Can the managed updates be disabled if test results are not what we want? I don't want to lose mass action update commands forever if things don't work out.