This blog post is about the traditional way to deploy software updates to macOS devices. I'll discuss declarative software updates in a later post. With declarative updates you can be selective about the update that you want to deploy.
Anyway, back to the job at hand, software updates. You can use Microsoft Intune to manage software updates for macOS devices that are enrolled as supervised devices. This feature applies to macOS 12 and later.
First I had to verify that my test device was supported. Yes, it's running macOS Monterey v12.6.1.
There are two ways to manage macOS software updates in Intune (excluding declarative updates). Lets have a look at them both.
- Configuration profile
- Update policy for macOS (this is the one I'll deploy)
First let's have a look at Configuration Profiles. Navigate to Devices > macOS > Configuration profiles. Select Create > New policy.
Select Templates as the profile type and choose Software Updates. Select Create.
Enter a name for the profile and click Next.
You are presented with options for Critical, Firmware, Configuration file, and All other updates (OS, built-in apps). You can also set the schedule for software updates installation.
You only have two options:
- Not configured
- Download and install
I like to use the second option (update policies for macOS) as this gives us more options. Let's have a look at that.
Enter a name for the policy and click Next.
- Download and install: Download or install the update, depending on the current state.
- Download only: Download the software update without installing it.
- Install immediately: Download the software update and trigger the restart countdown notification. This action is recommended for userless devices.
- Notify only: Download the software update and notify the user through System Settings.
- Install later: Download the software update and install it later. This action isn't available for major OS upgrades.
You also have scheduling options:
- Update at next check-in: The update installs on the device the next time it checks in with Intune. This option is the simplest and has no extra configurations.
- Update during scheduled time: You configure one or more windows of time. During these windows, the update installs upon check-in.
- Update outside of scheduled time: You configure one or more windows of time. During these windows, updates don't install upon check-in.
Make your selections and click Next.
Assign the policy to a group of macOS devices.
Review your selections and click Create. Now wait for the magic to happen.
On the device we can see that there is a software update notification (under System Preferences).
Clicking on that notification shows that macOS Monterey 12.7.1 is downloading.
After a while the device restarts.
We can see the all too familiar Apple.
The device has been upgraded to Monterey 12.7.1.
Click on the device > Software Updates in the Intune portal and we can now see that the device is up to date for all update categories.
No comments:
Post a Comment