Restrict Catalina 10.15.7

t_jones
New Contributor III

Is there a way to restrict just the 10.15.7 update for macs already on Catalina?

Ive found a few posts about ignoring the Catalina upgrade notifications- this https://www.jamf.com/jamf-nation/discussions/33505/ignore-catalina-upgrade-prompt-in-software-update
and this
https://www.jamf.com/jamf-nation/discussions/32208/adding-macos-catalina-to-the-restriction-list

However, even though for 10.15.6 Apple states they brought back the ability to use the --ignore flag, our macs are still giving the error "Ignoring software updates is deprecated"

Ignoring the notifications would help, but isnt enough. We'd like to block the ability to upgrade to 10.15.7 altogether. When I created a restriction for "Install macOS Catalina.app" this did not restrict the update. And users can still update from previous versions of catalina without any issues.

Most of our mac fleet is on various versions of Catalina. So, its macs already on a version of catalina, that we want to block from updating to 10.15.7

Any ideas?

1 REPLY 1

Jason33
Contributor III

Create a config profile, and then configure Restrictions/Functionality, and set defer Softwareupdates (macOS 10.13.4 or later) to 90 days. Scope it to your existing Catalina machines. That might be your only option, but it also includes some caveats. Its 90 days from the release of the update by Apple, not when the config profile was built or applied to a device. IF there is a 10.15.8 released, then it resets the 90 day timestamp, and if 90 days has passed since the previous dot release was out, then the machine could see 10.15.7 available in software updates.