How to manage apps and OS updates on Mac

Heather Gray

Apr 27, 2020

7 min read

When you talk about deploying Macs in a business environment, setting up the devices for the first time is seamless but their ongoing management is a whole other story. For IT, the most challenging part is Mac app management and OS update management. In this blog, we will be discussing how organizations can systematically provision essential apps to their end-users, securely manage them across Macs, keep the devices safe and updated with the latest OS version–all without putting too much pressure on IT.  

1. Deploying enterprise apps

When it comes to applications, you don’t have to publish all the required apps on the app store to make them available to a large number of users in your organization. You can distribute apps outside the app store. However, not everyone can go around deploying custom apps to users. You need to be enrolled in the Apple Developer Enterprise Program. The program allows large organizations to develop proprietary applications and deploy them to their employees for internal use. Then again, it’s only for custom use cases that require apps to be privately distributed directly to the employees. For distribution alone, you don’t always need an MDM, you can use Ad hoc distribution or beta testing through test flight, but that’s a post for another day.  

Now, folks already using Hexnode MDM and enrolled in Apple Enterprise Developer Program, you can start by adding apps to your app inventory. PKG files are supported. You can either upload the file directly or mention the manifest URL and Hexnode MDM will grab it from the location. Once the app is in the inventory, it can be distributed to any Mac device just the way you push apps across any other platform. For quickly installing an app to a single device, you can use remote actions, but for batch distribution, I’d recommend using the mandatory apps featureThat way, the apps are enforced as a policy criterion. When Hexnode MDM detects any device missing the assigned mandatory app, it will be automatically re-pushed. So, you can be sure, the devices have the essential apps installed at all times. 

2.Updating enterprise apps

This Mac app management feature of Hexnode MDM simplifies the process of updating the essential apps needed by your organization . If you want to update an already deployed enterprise app, you need to add the app with an updated version of the PKG file to replace the old one. The new version will be rolled out to all devices having this app assigned as a mandatory app via policy. If you want a phased roll-out or beta test on a limited number of devices, then I’d recommend creating a separate group for those devices and pushing the PKG file through yet another policy.  

3. Silent app installation

By integrating Apple Volume Purchase Program with Hexnode you can not only distribute store apps purchased in bulk, but ensure their installation on Macs without any user interaction. If you’ve already migrated your VPP account to Apple Business Manager (ABM), you can purchase the apps from within ABM. Either way, once your sync VPP in Hexnode, all your VPP apps appear within your app inventory. You can install them directly via remote actions or distribute via a mandatory apps policy–and they install silently on the Macs. When you want to retire apps on a particular device, you can also revoke the license to be reused for yet another device.

4. App configuration

App Configuration is a powerful Mac app management feature for IT to off-load the configuration part involved in applications from the user-end. For supported applications, IT can pre-configure first-time use settings like port numbers or server addresses and avoid the risk of incorrect setup by leaving it to the end-users. It’s not just the settings, you can also have login information or other account details pre-configured. It all depends on what the app developer has designed for app configuration. All you need to do is populate an XML file with the configurations in the specified format and push them out for the individual apps.

macOS Updat

Apple computers have been around for quite some time now.  Diehard Mac enthusiasts have often quoted their usability and features tuned for creative professionals as some of the key defining features that make the macOS great. Apple has always kept its dedicated users in tow by regularly offering OS updates. A new major version comes out roughly about once a year, the latest being macOS 10.15 Catalina. The latest versions also come with a suite of built-in utilities that would help its enterprise users to get the most productive use out of their devices. Though end-users can update their Macs directly, it’s best to go for a phased roll-out to prevent IT from getting overwhelmed with a surge in support requests.

Mac app management and macOS updates in the device
Mac app management and macOS updates in the device

1.Enforcing macOS Updates

Hexnode lets you force download and/or install the OS on the enrolled Mac devices. Leaving the updates for users’ convenience doesn’t often turn out well. Instances, where you want to make the latest OS downloaded on the device, or downloaded and installed right away, it’s best to go via the Actions route. You can choose either of the downloads only option or the download and install option, and you’re good to go. For scheduling the updates it’s recommended to go via the Policy route.

2.Scheduling macOS updates

Taking the Policy route means you can enforce it as a forced, on-going action. You can either create a new policy or use an existing one to schedule the updates. Options below allow you have complete control over the OS update process:

Settings  Description
Notify Only The user gets notified of a software update via the App Store
Download Only OS is just downloaded without proceeding to the installation
Download and Install Downloads the updated version and installation starts immediately. The installation will begin straightaway if the software update has been downloaded previously
Install Installs an already downloaded software update
Install Later User can download the software update and install it later

By upgrading to the newest version, the users of your organization can utilize the latest features to make their workday as productive and hassle-free as possible. Like most major macOS updates, Catalina too comes with its own set of impressive featuresKeep your enterprise devices updated to ensure they are protected and continue to stay in great shape.

Bottom line

Though Macs have been around for a long time, they have never really proliferated in business until the latter half of the past decade. Big enterprises such as IBM and SAP believe in the positive influence Mac devices can bring to their workers. Companies that deploy Macs in their workplaces have reported receiving fewer help desk tickets and happier end users. Click To TweetOne of the greatest strengths of macOS is its robust security and a limited number of malware programs targeting macOS 

Even though Macs come with security features and native management capabilities, it’s still better to have a dedicated  MDM when devices are deployed in a business environment. To ensure your users get the most out of the Mac devices, it’s important that they run the latest version of OS X and are provisioned with all the essential apps for users. And what better way to do it than Hexnode advanced mac app management and OS update management.


Heather Gray

Technical Blogger @ Hexnode. Reading and writing helps me to stay sane.

Share your thoughts