Posted on 09-06-2018 10:01 AM
I'm new to JAMF and I'm trying to setup how JAMF will handle security updates. We do not want users to have access to install them. We prefer to install them to a test group, test, then install them to the other macs. Our MacBooks are DEP enrolled. When I use the "Defer Software Updates" in Configuration profiles it does make it where the user cant do an update, but I'm not sure how I can with JAMF. I can run the softwareupdate -l command I dont see the updates either with the Defer option on. Any sugestions?
Posted on 09-06-2018 10:26 AM
You could always download the Security Updates from Apple's site and then upload them into your Jamf distribution point as the original pkg files.
You'll need to create a Smart Group for machines that require the update(s) to target the right systems. You can do this by getting machines at a specific OS version, but not at the build version that it gets updated to when a security update is installed. So for example, the last Security Update 2008-004 for Sierra 10.12.6 updated the OS build to 16G1510
Posted on 09-06-2018 12:58 PM
Probably need a script to turn off "Install system data files and security updates." Also, if their admins, they can just turn it on.
Posted on 11-14-2019 08:43 AM
I am wondering if this resolved the question? I am running into the same issues. I would like to download and install updates to a test group first but I really didn't want to manually download updates each month if I could avoid that overhead.
Posted on 11-14-2019 10:36 AM
What if in your Policy to Defer Apple Updates you Excluded your Test Group of computers. Then created a Policy to Run Apple Security Updates. Payload: Software Updates, Apple's Software Update server and Scope that to your test computers. I actually scope all and just Flush Logs of the computers I want to test.