JumpCloud’s automated patch management helps you keep your managed macOS devices and apps secure and updated. As an IT Admin with Manager role permissions or higher, you can manage and enforce when major OS upgrades and minor update patches are available and applied to your devices. You can also configure how much flexibility your users have in delaying or canceling the update:
- Major OS upgrades – Control when users install the latest available OS upgrade. You might want to test a new OS version on a small number of devices before you roll out a new upgrade to your entire company. You can defer an upgrade for 90 days after its release. You can specify a major upgrade installation per operating system, which gets installed on target devices within 24 hours of applying the policy. Enforced major upgrades utilize Mobile Device Management (MDM) software install commands and do not require end user interaction or Admin permissions.
- Minor update patches – Specify when minor updates become available to a device and control how long users can defer the update. If you choose to force minor updates to your users’ devices, you must set a deadline for minor updates. As that deadline approaches, automatic reminders appear more frequently and eventually users cannot dismiss them. If the deadline expires, the policy then forces a minor OS update to be automatically downloaded and installed using MDM software install commands.
You can customize user reminders for minor updates and preview the reminder before it is displayed to users. If you uploaded your logo, it also appears in the reminder. OS patch policies work on macOS Big Sur 11 and later.
Creating Default Patch Policies and Policy Groups
If your organization has not yet configured any macOS, Windows, or Linux patch management policies or policy groups, you can save time by loading a set of default policies and policy groups. These patch policies and groups can save you time by enforcing security patches on a large number of managed devices.
A policy group helps you quickly and efficiently roll out preconfigured policies using deployment rings. Deployment rings are configured with sane defaults. The deployment ring names match these policy group names, and control how and when an update is applied:
- Vanguard – Deploy automated upgrades inside your IT Department.
- Early Adoption – Deploy automated upgrades to early adopters outside of IT.
- General Adoption – Deploy automated upgrades to general users in your company.
- Late Adoption – Deploy automated upgrades to remaining users in your company.
Pre-configured settings for the macOS default policies:
- Defer Update Releases – The number of days to defer the availability of future minor OS updates. If you set the deferral length to be greater than the number of days since a minor update was released, this update will not be available. Any minor release older than 90 days will not be affected. Deferral Length in Days specifies how many days to defer a minor OS update after it’s released.
- Enforce Automatic Updates – The number of days that users have to install minor OS updates after they are available. The Installation Deadline in Days will apply to any minor OS updates available on a device at the time of policy application. If minor updates are not installed at the end of the deadline, JumpCloud forces the update via an MDM command. Valid values are 0-90 days, and the default is 30 days.
When the delay periods and the deadline expire, the policy forces a minor OS update to be automatically downloaded and installed as soon as the user's device comes online. This action occurs for updates to macOS 11, macOS 12, and macOS 13. If something unexpected happens and the minor update could not be installed, JumpCloud will try again every 24 hours.
When selecting a policy, the Deferral Length in Days setting for minor update releases will apply to any future minor updates.
Additional settings that are not preconfigured in the default policies:
- Defer Upgrade Releases – Delay users from installing the latest available OS upgrade. For Deferral Length in Days, enter the number of days you want to defer a major OS upgrade after it’s released. You can defer an upgrade for 90 days after its release. After that, this setting only applies to the next major OS upgrade. The minimum value is 1 day and the maximum is 90 days. The default is 30 days. The macOS Ventura release has been available for more than 90 days, so this setting would apply to Apple’s next major software release (macOS 14).
- Defer Non-OS Updates – Delay users from installing non-OS updates. Examples of non-OS updates are a Safari update or an Xcode Command Line Tools update. For Deferral Length in Days, enter the number of days to defer non-OS updates after they are released. The minimum value is 1 day and the maximum is 90 days. The default is 30 days.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article