![]() ![]() Not sure what has changed, but complete nightmare running updates on 11.3 and 11.4.Īnyway, caching the full installer (11.6.1 as of today) is the only thing that consistently works. We had nothing but problems with minor updates (policy, command, script etc) until we got all devices on 11.6 first. We seem to have a workflow down that works for both M1 and intel- after exhausting every option. The Allow remote management of kernel extensions and automatic software updates option enabled in the Startup Security Utility (in macOS Recovery)įor more information about how to enable this setting, see Change startup disk security settings on a Mac with Apple silicon from Apple's support website.Īlternatively, enrolling computers with Jamf Pro via a PreStage enrollment can automatically enable this setting. There are additional requirements for computers with Apple silicon if you want the update to be installed automatically without user authentication:īootstrap token for target computers escrowed with Jamf Pro It's mentioned in this document Deploying macOS Upgrades and Updates with Jamf Pro Note: On computers with Apple silicon (i.e., M1 chip), users may be prompted to authenticate before an update can be installed. Otherwise you have to go into each devices starup security utility in the recovery console to enable the tick box. M1 Apple Silicon devices are 'required' to go through Automated Device Enrollment if you want to send remote update MDM commands to them via a mass action task. The best I can recommend for everyone who sees this is to start blowing apple up with feature requests, and prod your JAMF Reps on the pending feature requests JAMF has. JAMF still does not fully support "schedule an update" never mind they recommend using it to managed updates and we all know the complications of Auto Updates. With 11.3.0 released last week a security patch quickly followed it up with 11.3.1 and you really have no reliable way to force that update to install on Apple Silicon devices. Software Updates have been a long standing weakness where JAMF has done nothing to enhance the experience. However, we are all paying JAMF to provide solutions for "organizations to succeed with apple". ![]() It is very unfortunate that this is literally what Apple is intending. In enterprise the general concept is users cannot be trusted and generally this is very true in most cases. Basically if a Mac is out of date for a period of time it is totally locked down. All of this update business is putting us in a bad place. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |