Mac devices are constantly growing as the default workstation for businesses today. These devices have their own sets of upgrades and updates coming through Apple, and these patches need to be managed with care, to keep the network of assets running smoothly without bugs.
With SuperOps.ai’s MacOS patch management, you can remotely keep your client’s Mac assets up to date by approving the suitable patches and deploying them automatically.
What can you do with MacOS patch management?
With macOS patch management, you can create policy sets for your Mac workstations and servers on a global level to manage patching requirements for these devices at scale. Based on the patch’s priority, you can automate the approval process and ensure that critical patches and security updates are deployed ASAP.
Now that we’ve seen what MacOS patch management can do, let’s dive into how we can set up patching in a policy set.
How to create macOS patch policies
1. Navigate to Settings > Policy Management > Mac Workstation Policies > Patch management.
2. Turn on patch management by toggling the switch in the right corner.
3. Click ‘Schedule’ to create deployment schedules for patches. And choose conditions to filter based on the category and severity of the patches.
You can create multiple deployment schedules with different conditions.
4. Select approval levels based on the patch severity category from the drop-down list.
The default for Optional and Recommended categories is set as ‘Manual’ and ‘Approve’ respectively.
Approve: The patch will be automatically installed in the next installation cycle
Manual: Patches will be installed if they are manually approved.
Reject: The patch will never be installed in the scheduled patch cycle.
5. Once you are done, click the ‘Save’ button to successfully create the policy.
You can create more focused policies on a client/site/asset level by choosing them from the drop-down list on the top right of the screen.
Asset patch view:
Navigate to Modules > Assets > Open up a Mac asset > Patches tab.
Under patches, you can see the status of the last and next patch scan and installation schedules along with their date and time.
A detailed history of the patches that were deployed previously or are new/missing is also listed as shown below.
4. You can select the patches you want to approve or reject either globally or at the asset level.
Patch list view:
To view all mac patches, navigate to Modules > Patches.
Under patch management, you can see a list view of all patches that you want to approve or reject for installation.
3. You can also apply filters to view specific patches. Click on the Filter button in the top right corner and select the conditions you want to apply.
For example, to view just Mac patches, you can select ‘Asset Class is Mac’ from the drop-down menu and select ‘Apply’ to enable the filter.
Mac versions that are tested & supported: Big Sur (macOS 11), Monterey (macOS 12)
Note: You may encounter issues with Catalina (macOS 10.15)
Mac versions that aren’t supported: macOS 10.0 to 10.14
Things you need to know:
Full disk access must be granted to the SuperOps executable.
To do that, Navigate to System Preferences > Security and Privacy > Full Disk Access, and select superops and updmgr.
2. Only software updates are installed during the scheduled patch installation cycle. Currently, you can not manage MacOS upgrades with SuperOps.ai. For example, Big Sur 11.5 to Big Sur 11.6 update will be installed during the patch cycle, but macOS Big Sur to macOS Monterey upgrade will not be installed.
3. Before the update process begins, please ensure that the Mac asset is connected to a power supply and has access to a steady internet connection.
4. A prompt appears when there is a Mac patch scheduled for installation as shown below. The admin user has to log in and provide the password to start installing the patches.
The prompt will be active for only 10 minutes. If the installation fails, or if the prompt is missed, then the patch will only be installed in the next patch deployment schedule.
5. Only three attempts are allowed in a cycle for the user in case of an incorrect password. If the incorrect password limit is exceeded, the patch installation can only be attempted in the next patch cycle.
The user must be logged in for the installation to be triggered. If the user is logged out before the installation is complete, then the installation will fail and can be installed in the next patch cycle.
6. In case the update installation fails, please reboot the machine and try installing the patches again.
7. Any force reboots that take place during the installation are system-driven; SuperOps.ai does not have any control over them.