Skip to main content

Software Updates in the age of macOS MDM (Big Sur v11.0+ / iOS 15+)

What

AppleFor broughtmany changesyears tonow, FileWave has leveraged the Software Update viatool MDMon inmacOS 2021.devices to evaluate and to deploy software updates.  With the release of macOS 11 (Big Sur) this behavior has changed somewhat.

When/Why

MadeWe'll mandatorystill withwant macOSto 11deploy software updates, and from a FileWave admin perspective, the process for assigning the updates has not changed, but the mechanism that delivers those updates behind the scenes has changed.  From Big Sur,Sur onwards, all Software UpdateUpdates will be delivered through MDM commands only.  So, the "How" of assigning updates has not changed, but the method of deployment has.

Here are some important items to note regarding this change:

  • This requires all Big Sur+ devices to be MDM enrolled to enable delivery of Software Updates

  • The updates are handled more like iOS updates were already handled...i.e. the device is notified to update, and the device itself gathers the update from Apple

    • The result of the above is that Apple caching servers become even more important to have in your environment

    • The delivery method being changed to MDM eliminates FileWave boosters from caching these updates

  • This change also means that restriction profiles that defer Software Updates for up to 90 days are also pertinent now for macOS

    gains
  • some
parity
with
iOS
and
there
is
now
finer
control
of
iOS version for devices.

How

We'll still want to deploy software updates, and from a FileWave admin perspective, the process for assigning the updates has not changed, but the mechanism that delivers those updates behind the scenes has changed.  From Big Sur onwards, all Software Updates will be delivered through MDM commands only.  So, the "How" of assigning updates has not changed, but the method of deployment has.

Here are some important items to note regarding this change:

  • This requires all Big Sur+ devices to be MDM enrolled to enable delivery of Software Updates

  • The updates are handled more like iOS updates were already handled...i.e. the device is notified to update, and the device itself gathers the update from Apple

    • The result of the above is that Apple caching servers become even more important to have in your environment

    • The delivery method being changed to MDM eliminates FileWave boosters from caching these updates

  • This change also means that restriction profiles that defer Software Updates for up to 90 days are also pertinent now for macOS

macOS 12 devices now report the right information to properly use the Apple Software Update Lookup Service. Specifically, the ProductVersion key is now supported for macOS (allows definition of update version to install) and FileWave will be sending 2 InstallSoftware commands as per Apple's direction in order to make software updates happen in a more timely fashion.

Starting with iOS 15, it will be possible to stay on the previous version (today, iOS 14) and still get minor updates. A new Settings command allows to define if the end-user will be presented the most recent update (iOS 15), the oldest (iOS 14.x), or both options as seen below in the updated Command Policy profile.

software-update-settings.png

Apple Software Updates - macOS

Software Updates: Deploying to Groups