Apple MDM OS Software Updates
What
All MDM configured devices will report and receive Software Updates via MDM. This is the same for:
- iOS
- iPadOS
- tvOS
- macOS (Either Big Sur and above or earlier versions if the client is configured for MDM Software Updates)
When/Why
Before MDM
The FileWave Server would pull the catalogue of all possible updates from Apple. This same catalogue would be delivered from the FileWave Server to each macOS client. After a Fileset containing the update was created and associated, the FileWave Client would use the Software Update process to instal associated updates, which would be sent from the Server to the device.
MDM
MDM Software Updates work mostly like Apple VPP Filesets, inasmuch as FileWave does not store the update. Instead, the Fileset is a reference to the update on the App Store. Only updates reported as required from devices through MDM will show in the Software Update view.
The drop-down option in the Software Update view will show macOS updates as an option only once the first requested update has been reported. All updates reported will persist in this view.
The 'Requested Only' tick box will only show those updates that are believed to be currently requested by devices. Each check-in from a device should update the list of appropriate updates for that device.
Apple catalogue updates take up storage on the server once the Fileset is created. MDM Filesets do not store the updates.
How
MDM Reporting
When necessary, the FileWave Server will send an APNs request to Apple asking devices to check in. On check-in, the FileWave Server will respond with MDM commands, one of which is a request for ‘AvailableOSUpdates’. The device should reply with all possible appropriate updates. For example:
If macOS 14.5 were the latest version, a device running 14.3.1 may request all of those between:
- 14.4
- 14.4.1
- 14.5
Apple decide which prior updates will still be available. A device may be updated to any version requested, not just the latest.
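The reporting exchange above, as an added Python example (not FileWave code): it builds the AvailableOSUpdates command plist and groups device replies by version, giving the per-update device list that the Software Update view presents. The UDIDs, ProductKey values, sample replies and helper names are constructed for illustration; the reply field names follow Apple's MDM protocol.

```python
import plistlib
import re
import uuid
from collections import defaultdict

def build_command() -> bytes:
    """Serialise an AvailableOSUpdates MDM command as an XML plist."""
    return plistlib.dumps({
        "CommandUUID": str(uuid.uuid4()),
        "Command": {"RequestType": "AvailableOSUpdates"},
    })

def version_key(version: str) -> tuple:
    """Turn '14.4.1' into (14, 4, 1) so versions sort numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def updates_by_version(responses: list) -> dict:
    """Map each reported OS version to the UDIDs that reported it."""
    view = defaultdict(set)
    for raw in responses:
        reply = plistlib.loads(raw)
        if reply.get("Status") != "Acknowledged":
            continue  # NotNow / Error replies carry no update list
        for update in reply.get("AvailableOSUpdates", []):
            view[update["Version"]].add(reply["UDID"])
    return {v: sorted(view[v]) for v in sorted(view, key=version_key)}

def constructed_reply(udid, versions, status="Acknowledged") -> bytes:
    """Build a sample device reply (constructed data, not captured traffic)."""
    body = {"Status": status, "UDID": udid, "CommandUUID": "constructed"}
    if status == "Acknowledged":
        body["AvailableOSUpdates"] = [
            {"ProductKey": f"constructed-{v}", "Version": v, "IsCritical": False}
            for v in versions
        ]
    return plistlib.dumps(body)

# Constructed sample replies; the UDIDs are hypothetical.
SAMPLE_REPLIES = [
    constructed_reply("MAC-A", ["14.4", "14.4.1", "14.5"]),  # running 14.3.1
    constructed_reply("MAC-B", ["14.5"]),                     # running 14.4.1
    constructed_reply("MAC-C", [], status="NotNow"),          # deferred the command
]

if __name__ == "__main__":
    print(build_command().decode())
    for version, devices in updates_by_version(SAMPLE_REPLIES).items():
        print(version, devices)
```

A device that answers NotNow contributes nothing to the list until a later check-in, which is why an update can be missing from the view for a device that still needs it.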
Software Update View
If not already visible in the Software Updates view, each reported update will be added. When an update is selected, the list of devices reporting the update as required will be displayed. From this same view, the desired update may be used to ‘Create Fileset’ and then associated.
During the transition between MDM and Catalogue Software Updates, two macOS options will be present:
- macOS - Apple Catalogue updates
- macOS MDM - Apple MDM updates
As of FileWave 15.4, only one macOS option will be present in the drop down box. Apple Catalogues will no longer be available as standard.
Fileset Association
Within the created Association is an 'Instal at' date/time. For MDM Software Updates, the command to trigger the request to instal the update will only be added to the MDM Command Queue once this date/time has been reached. This is not an exact time, since the APNs check-in request and the device's response may not occur until a later day/time. Additionally, other factors can impact the device's reaction to any such request, e.g. battery power.
MDM Software Updates and Rapid Security Responses are impacted by the battery percentage of the device. If not on charge, there is a minimum percentage required for the update to commence. Please see the chart below.
Mac Notebook Type | ASU Battery Requirement | RSR Battery Requirement |
Mac with Apple silicon | 20% | 10% |
Mac with Apple silicon | 50% | |
Intel Based Mac | 50% | 20% |
DDM
FileWave introduced additional software update features with version 15.4, in particular, Force Reboot through Apple's new DDM protocol. If the user has not actioned the update prior to the Force Reboot time, the device should then force the installation.
'Instal at' date/time, if not set, defaults to the time the association is created. The 'Instal at' date/time in FileWave 15.4 is now a Force Reboot time. Alter this time if this is undesirable.
The FileWave option to 'Automatically Instal on new devices' does not show the association. It is therefore not possible to alter this date/time.
MDM Process
Since FileWave does not deliver the update to devices, but a reference to the update on the App Store, devices must first fetch the update. Therefore, the installation process of an update is twofold: one step to download the update and another to instal it.
Since updates can be very large, there can naturally be some delay between the initial association and the actual installation.
If the device is upgraded between the association being created and the device receiving the command to update, and the update is no longer appropriate, the device will silently ignore it.