Questions about Software Update options

vrtigo1
New Contributor II

I'm looking at using the Software Update feature to handle MacOS software updates.

Under the Download, install, and allow deferral option, it prompts you for a number of deferrals to allow.  What exactly is a deferral, and how often do they occur?  For instance, If I wanted to allow a user to defer an update for up to two weeks, how do I determine how many deferrals need to be allowed to accomplish that?

Also, under the Target version option, assuming a device can run the latest version of MacOS, what is the difference between Latest version based on device eligibility vs Latest major version vs Latest minor version?  Are these terms defined somewhere?

11 REPLIES 11

Hasibravo
New Contributor III

Deferrals and How They Work:

A deferral is the number of days that a user can delay installing a software update after it has been made available. For macOS, deferrals can be set from 1 to 90 days. These deferrals can be applied to:

- Major updates (e.g., macOS 14 to macOS 15)
- Minor updates (e.g., macOS 14.1 to macOS 14.2)
- System updates (non-OS updates like Safari or printer drivers)

Deferrals occur each time an update is offered, allowing the user to postpone installation.

Example of Deferrals:

If you want to allow a user to defer an update for up to two weeks, you would set the number of deferrals to 14 days.

Target Version Options:

1. Latest version based on device eligibility: Installs the latest macOS version the device supports.
2. Latest major version: Installs the latest major macOS version available.
3. Latest minor version: Installs the latest minor update of the current major version.

vrtigo1
New Contributor II

So, with regard to targeted versions:

Latest version based on device eligibility, this makes sense.

So, assuming a device is new enough to be able to run the latest OS, does that mean that there is no functional difference between Latest version based on device eligibility and Latest major version and selecting both of those would have the same result?

If I selected Latest major version on a device that can't actually run the latest version, would it still try to install it, or what would happen?

For latest minor version, I assume when it's referencing the current major version, that means the current major version the device is running?  So for example, if the device is running 13.1 it would update to 13.8 (these are just made up version #s)?

McAwesome
Valued Contributor

"If I selected Latest major version on a device that can't actually run the latest version, would it still try to install it, or what would happen?"

It would attempt to install the latest Major version the hardware supports, which it's already running.  Nothing should happen.

vrtigo1
New Contributor II

That doesn't make sense to me though, because that sounds like it's exactly the same as Latest version based on device availability option.

Hasibravo
New Contributor III

Latest Version Based on Device Eligibility vs. Latest Major Version
-Latest version based on device eligibility refers to the newest version that a device can support, given its hardware capabilities.
-Latest major version refers to the most recent major release (e.g., iOS 17, macOS 14).

If a device is capable of running the latest major version, then there would be no functional difference between "Latest version based on device eligibility" and "Latest major version," as both would point to the same OS version.

Behavior on Devices that Can't Run the Latest Version
If you select "Latest major version" on a device that can't run it due to hardware limitations, the device will attempt to update but fail, showing an error. This is because older devices may not have the necessary hardware capabilities to support new software versions.

Latest Minor Version
-When referencing the "current major version," it means the major version the device is currently running. For example, if the device is running iOS 13.1, setting it to "Latest minor version" would update it to the most recent minor release within that major version (e.g., from 13.1 to 13.8, assuming 13.8 is the latest minor release in the 13.x series)

obi-k
Valued Contributor III

The deferral in the section "Download, install, and allow deferral" refers to the number of times your user/customer can cancel the update before it runs. You or the Jamf Admin running this determines the number.

AJPinto
Esteemed Contributor

Apple covers most of your question in their WWDC 2023 keynote, as well as on Apples MDM developer pages and Jamfs learning site. However, the gest of it.

  • What exactly is a deferral? This is fairly self-explanatory; it allows the user to defer the update.
  • How often to the prompts occurs? Once a day providing the device is powered on.
  • If I wanted to allow a user to defer an update for up to two weeks? You would not use a deferral for this, you would use the "download and schedule to install" option and specify your date.
  • Latest version based on device eligibility? The newest version of macOS the device is allowed to install, this can be limited by hardware version or software update deferrals with Configuration Profiles.
  • vs Latest major version vs Latest minor version? Telling the Mac to update to the latest major release it supports (13.5 > 14.5) vs telling the mac to update to the latest minor update it supports (13.5 > 13.6).
  • Are these terms defined somewhere? Yes, both in Apples Developer Documentation and Jamf's documentation on managing software updates.

 

The reason you would not want to use a deferral for 2 weeks as in your example. Figuring out how many deferrals would be needed for 2 weeks is simple, its 14 days and there is your math. However, if the device is powered off over the weekends, then it's offline for 4 of those 14 days; so, you want to have 10 deferrals instead for that device. However, 3 of your users are on vacation, so they would need even fewer deferrals. To simplify all of this, you schedule the OS update to install 2 weeks from today's date, the users will still receive notifications and can install when ready, but the install date is static rather than dynamic based on user behavior. 

vrtigo1
New Contributor II

Thanks for the info.  Your explanation on deferrals makes sense, but I have a follow up question.  Let's say I choose the option to schedule the update for 2 weeks from now, what does the user notification look like?  I need to ensure that the presentation to the user is clear that they can choose to install the update any time during the 2 week window and that if they don't install it at the end of 2 weeks it will automatically install at that time.

obi-k
Valued Contributor III

Looks like this...

The user should get a notification once per day. If they haven't updated after those 14 days, the frequency of the notification increases on the 14th day.

On the final hour, I believe they'll get 2-3 final notifications. And then it will reboot and update. Although in my testing, it has gone past the deadline sometimes with DDM.


ddm.png

vrtigo1
New Contributor II

Thanks, and just for clarification, based on the screenshot you shared it looks like there is nothing in the notification that lets a user know they can elect to install the update prior to the scheduled install time?

Also, what is DDM?

obi-k
Valued Contributor III

Np. 

Yeah, good point. What I have seen in my environment is that users get annoyed with the notifications and eventually click on it and do the update. 

On the side, I also run a script that if updates are available, the System Settings/Software Update panel opens daily. This helps.

DDM or Declarative Device Management:

https://www.jamf.com/blog/managed-software-updates-ddm/
https://www.youtube.com/watch?v=y9kQw8ZDlVY