Help

What's the smartest way to update all your Macbook to the OS patch before the last with Nudge?

DonCascone
New Contributor III

2 weeks ago

First time using Nudge here and i was trying to update all my Macbooks to 15.3.1 using Nudge to let our users know that they need to update their Mac.
I've understood how to push the notification to all Macbooks that have less then a specific OS but I'd like them to update not to the latest but to the one before.
Thank you

0 Kudos
Reply
5 REPLIES 5

AJPinto
Esteemed Contributor

2 weeks ago

What you are wanting to do is a security risk. The vast majority of Apples OS updates are security related, and the .1 (or in this case .2) updates are pretty much only security fixes. 15.3.2 for example patches an actively exploited security gap in macOS and not having your users install it is a very bad practice.

https://support.apple.com/en-us/122283

https://nvd.nist.gov/vuln/detail/CVE-2025-24201

I don’t use nudge myself as since you can’t run OS updates from CLI anymore it does not have dentures to enforce anything and is just a nag. I use Jamf Helper, and have a script scan for OS updates and if there are available updates to pester the user to install them. We have a 7 day OS update deferral for testing, and updates in that deferral do not show in the update scan and do not trigger the notifications.

0 Kudos
Reply

sdagley
Esteemed Contributor II

2 weeks ago - last edited 2 weeks ago

@DonCascone You'd need to push a Configuration Profile that sets a software update deferral to prevent macOS 15.3.2 from being offered to your users. By setting the # of deferral days you can control which update will be visible (see https://sofa.macadmins.io/release-deferrals.html for a good guide for figuring out what's a good deferral setting)

If your Macs are all on macOS Sonoma or Sequoia I'd strongly encourage you to try the new Software Update feature in Jamf Pro and uses the "Download and schedule to install" which makes use of Apple's newer DDM controlled update mechanism.

0 Kudos
Reply

mvu
Valued Contributor III
In response to sdagley

2 weeks ago

+1. We use DDM and schedule updates. Hopefully, you're a cloud customer and can use it.

0 Kudos
Reply

Shyamsundar
Contributor III

2 weeks ago

you either need to defer the Minor updates So that 15.3.2 is not visible on the Software update pane. or you need to use the Software update(DDM) feature in JAMF to schedule an update and you can specify the macOS version you need to update. 

0 Kudos
Reply

BGhilardi
New Contributor III

Friday

Hello,
We defer minor and major updates while we test them in our lab environment.
We then use S.U.P.E.R to manage updates. This allows us to notify users, configure reporting rules, and set update deadlines.
https://github.com/Macjutsu/super


0 Kudos
Reply