Showing results for 
Search instead for 
Did you mean: 

Introducing Zero-Touch Enforced OS Minor Updates and Major Upgrades for macOS

JumpCloud Employee
JumpCloud Employee

In today's world, maintaining up-to-date and secure systems is of utmost importance. It can be challenging for IT teams to ensure that all devices are running the operating system versions and software configurations it requires, especially when it comes to macOS devices. 

Patch management for macOS devices just got a lot easier.

image (48).png

The Patch Management Automatic macOS Updates Policy, now enables admins to easily enforce "fire and forget" settings for both minor updates and major upgrades. With this release, both major upgrades and minor updates are enforced using scheduled MDM OS update commands, which do not require end-user interaction or local system administrative permissions. This unlocks a zero-touch enforced OS update & upgrade experience for both admins and end-users!

image (50).png

Before this release, IT organizations had to either grant employees admin permissions to install major upgrades on devices running versions of macOS 12.3 and older or find time to work with end users who only had standard permissions to manually complete the upgrade. This would require significant effort from both IT teams and end-users, leading to potential productivity loss. Additionally, it would expose security and operational issues, as failing to promptly install major upgrades could create security vulnerabilities, leaving sensitive data at risk, and potentially exposing organizations to data breaches or cyber-attacks.

Furthermore, devices that delay major upgrades may experience compatibility issues with applications or compliance requirements, causing disruptions to business operations and potentially affecting the organization's ability to achieve compliance goals.

The new Patch Management Automatic macOS Updates Policy provides numerous benefits to organizations. The first and most obvious benefit is enhanced security. The new policy ensures that all systems are up-to-date and protected against security vulnerabilities, reducing the risk of data breaches, malware infections, and other security incidents. IT teams also do not have to provide employees admin permissions simply for applying major upgrades.

Another benefit is improved productivity. By automating the upgrade process and minimizing user intervention, organizations can reduce the time and effort required to perform major upgrades, allowing IT teams and end-users to focus on more strategic tasks. Consistent configurations are also ensured with this new policy. It reduces the risk of compatibility issues and other operational problems that can arise when devices are running different operating system versions.

Regulatory compliance is also a benefit of the new policy. Organizations can comply with industry regulations and standards that require systems to be up-to-date and protected against security vulnerabilities. This helps organizations avoid potential regulatory fines or other penalties. Lastly, the new policy reduces support costs. By automating the upgrade process and minimizing user intervention, organizations can reduce the burden on IT support teams, resulting in lower support costs and faster issue resolution.

Follow these links to learn more in the JumpCloud knowledge-base. 



Community Manager Community Manager
Community Manager

💥 🎉 🎊 

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.

Rising Star I

This is a great step in the right direction!

The JC notification window has been a great feature that has seen a lot of success for our crew after patch management released for MacOS.  The only confusing thing is when we want to do a major upgrade (Monterey -> Ventura), the notification window instructs the "more info" option instead of the upgrade button option for major updates.

The great thing about the notification window is it will allow a non admin user to run the major update without an admin present.

Novitiate I

Hi, thank you very much for sharing this information. I want to ask you the following. Some applications like Slack require administrator credentials to install new updates of the app. Do you know how these applications can be updated without requiring an administrator password? I'm looking forward to your reply.

Apple VPP or Instalomator are two options.