Software Updates flaky


What are folks doing to update thier Macs? Both of Jamf's methods are flaky at best. Anyone get a straight answer from support on this? We had a ticket that went nowhere for 3 months. Also had the assurance that this would be resolved with Jamf Pro 11 and Sonoma. We see the same flaky business happening. 

We manage a few hundred Mac desktops and about the same Mac laptops. Nudge is not an option for Lab environements. Trying to understand how Jamf Pro is helping streamline the process of securing our Macs. We have met all of the requirements for things to work according to the support engineer we worked with.

Would like to hear how other admins are dealing witht this? 


New Contributor III

Do you have a static local admin account password or some LAPS solution where the password is stored in Jamf for lookup?  We've tried Nudge and other methods but finally had to get heavy-handed in forcing software update installs/reboots on users.  If you can get a local admin account (that has a securetoken as well) password stored in a variable, you should be able to execute a script like this to force install/reboot of software updates (obviously change the username as needed):


echo $password |sudo -S softwareupdate -aiR --user localAdminUserNameHere --stdinpass


Honored Contributor II

If you search JAMF Community, you will see tons of posts on people complaining about software updates and what we are trying to do to manage them. Where JAMF is not doing much to help situations, the issues are firmly with Apple. The OS update workflow is flat out garbage. 


I am using a multi prong approach with user involvement.

  • Policy that runs daily checking for available OS updates. If updates are available, JAMF Helper popups up to the user asking the user to install OS updates. IF they click button 1 it opens System Settings>General>Software Update. If they click button 2, it writes a log and goes away until the next day.
  • About 2 weeks after a new OS update is release, I will issue OS update MDM commands with 2-day deferral.
  • About 3 weeks after OS updates are released, I target software restrictions to devices not running the desired OS version. When users open core apps like MS Office, they force quit and present a notification to run OS updates.

It's not elegant or nice, but it works. Ask for user involvement, then push the updates, and finally force compliance.  

Legendary Contributor III

I've all but given up on trying to automate anything around Apple Software Updates. I've resorted to nagging users repeatedly to manually go into Software Update and install the available updates, until they do it. The people here in InfoSec and on teams that monitor updates for the company don't get just how insanely complicated it is now to get our Macs up to date, and keep pointing out that we have some machines not running the latest version of the OS they are on. Yeah, yeah, I know!

Apple has turned what used to be an elegant and simple process at one time, into something that is a nightmarish hot mess. The only reliable way to get it done now is to prompt for user involvement.

I keep hoping one day Apple will come to their senses about this and bring back a more elegant way to get it done, but I may as well hope for a unicorn.

Valued Contributor

Declarative Device Management is supposed to bridge this gap.

Valued Contributor

yup.. we've all seen the demo..  testing DDM / OS updates for devices on 14.0 and using scheduled updates with a due date.. with a cut off of Monday.. I still have a number of these past due date and live today.. not updated.. the JAMF 'beta' implementation of this is a mess of a UI with limited implementation of all the features..

still it will be all good in JAMF 12 and macOS 15 yea? 😎  

Valued Contributor

Unfortunately, its all on Apple. JAMF just gives us what Apple allows and Apple just doesn't care.


The half baked Apple pie story is getting old. My higher ups don't really care to hear it. The question usually is why are we using Apple if we have these issues? It's hard to stand by it's more secure when we can't apply security updates in an expedient way. Jamf seems to have made some hints at things working. If I look solely from what Jamf advertises and what is working, there is a disconnect. 

Valued Contributor

I feel like as an Apple Engineer our job is to ensure our leaders that the front line is in fact fine... when its not. Apple's promises are like Steiners offensive.