- 31 Jan 2024
- 4 Minutes to read
- Print
- PDF
Configure Settings for OS Updates & Patch Management of macOS devices
- Updated on 31 Jan 2024
- 4 Minutes to read
- Print
- PDF
Apple keeps releasing patches and updates with new security enhancements for its devices to keep them up to date. However, in due course of time, IT admins may need more control over this process while managing a fleet of devices. They may want to ensure that the OS is compatible with the software and hence need time to test the updates before releasing them. Scalefusion's MDM solution provides a Patch Management feature to give IT admins more granular control over releasing the updates on Scalefusion-managed Mac devices.
In this two-document series, the first part describes the configurations that can be done for Patch Management on managed macOS devices and the second covers details about the summarized view our dashboard offers and actions that can be taken on the updates.
What kind of updates can be managed?
Scalefusion-managed macOS devices can detect and patch below types of Updates:
- OS Updates (Major and Minor)
- Critical / Security Updates
- Firmware
- Config
Before You Begin
- Users should be subscribed to Modern Business or Enterprise Plan (Legacy or Modern).
- macOS devices should be enrolled with Scalefusion.
- Device configurations supported: macOS Big Sur onwards
How does it work
- Configure Settings for macOS OS Update Management from Scalefusion Dashboard
- Enroll the devices with Scalefusion
- Based on the configurations, the backend syncs the updates with the managed devices.
- Get a summarized view of the status of updates, device as well as updates wise, publish updates on devices and also download CSV reports.
These are described in detail below.
Configuring Settings for macOS Update Management
Global Level
- Login to the Scalefusion dashboard and navigate to Update & Patch Management > macOS OS Updates on the left panel.
- Click on Configure
- The OS Update Management Settings dialog box opens where you can configure global settings for syncing updates.
- General Settings
- Toggle on the setting Enable OS Update and Patch Management. The rest of the settings become configurable only on enabling this.
- OS Deferral Settings: Configure settings for deferring the visibility of new updates on the devices to the end users. This gives you time to test the updates and upgrades in your environment. To configure, toggle on the setting Defer Updates. Following types of updates can be deferred:
- Defer major software updates: Defers the availability of major macOS updates e.g. 11.2 (Big Sur) to 12.1 (Monterey)
- Defer minor software updates: Defers the availability of minor macOS updates e.g. 11.2 to 11.3
- Defer non-os updates: Defers the availability of non-os updates like Safari, XCode etc.
The maximum you can defer the updates is by 90 days.
- Update Policy
- Update Policy Settings: Configure how to handle the available updates by choosing one of the following options:
- Display in Dashboard & let IT Admins choose to publish the updates: All updates are displayed on Dashboard first. The IT Admins can choose which ones are to be published to device(s). At the time of publishing they can also control if the updates should be pushed instantly or added to the self-service app allowing users to update based on deferral settings below.
- Display in Dashboard & Queue in the Self-Service App: All updates are displayed on Dashboard and also in the self-service app (agent app for macOS) for the end users. The users can choose to install the updates by themselves and the updates will be enforced based on deferral settings below. The updates will be visible to the users in Updates section in the agent app for macOS.For this option, Scalefusion MDM client app should be installed on Mac devices.
- Deferral Settings: By toggling on the Deferral Settings, users can configure settings to defer the installation of updates:
- Allow users to defer installation for: Specify no. of times users can defer installation. By default it is 7 times and maximum they can set is 30 times.
- Prompt users to install the updates every: Users get a prompt to install the updates either every 24 hours or 12 hours.
As a result, on the devices, users get a reminder to install the updates, and they can choose whether to install later or install now. They can defer the installation for a specified no. of times only.
- Update Policy Settings: Configure how to handle the available updates by choosing one of the following options:
- Failure Handling
- Update Failure Handling: From here you can configure settings for handling cases where any updates have failed to install on the device. Following are the settings:
- Mark as failed if the update is idle for: If the status of any update that is being published to device, is idle (not yet installed on the device), it will be retried after the specified time. If the update is still idle, it will be marked as failed. The time you can specify is either 24 hours or 12 hours.
- Retry failed updates: Specify the number of retry attempts for an update in case of failure. By default it is 2 times and it can be set anywhere between 0 to 6.
- Update Failure Handling: From here you can configure settings for handling cases where any updates have failed to install on the device. Following are the settings:
- General Settings
- After configuring the settings, click Save
Profile Level
If certain settings are to be applied to a collection of devices belonging to a particular profile, you can do so by configuring them at device profile level. Once you configure settings at the device profile level, they override the ones done at the global level.
To configure Update settings at the profile level:
- Navigate to Device Profiles & Policies > Device Profiles
- Create or Edit the Mac Device Profile on which updates have to be configured
- Navigate to OS Update Settings
- The settings can be configured under the OS Update Settings tab after toggling on Override Global OS Update Settings
Now that configuration is done, you can view the status of updates on the Dashboard and perform other actions. The next document explains it.