macOS update to a specific previous version (Solved)

Participant
Discussion
2 weeks ago Jun 06, 2026

We need to update a selected group of macOS devices to version 26.4.1, but not to the latest available version, which is 26.5. The security requirement is to keep the devices one version behind.

Using the direct Update OS action does not seem ideal because it would move the devices to the latest version. Automation is also tricky here because the same target version may be treated differently across devices, such as major-full, major-patch, minor-full, or minor-patch.

For this kind of controlled macOS OS update rollout, is it better to use an OS Updates policy instead of automation?

Replies (4)

Hexnode Expert
2 weeks ago Jun 06, 2026

Hi @mo-chou,

For a controlled macOS update rollout, especially when you do not want devices to move directly to the latest available OS version, an OS Updates policy is generally the better approach.

In Hexnode, the macOS OS Updates policy uses Apple’s native MDM update framework and gives more control over how the update is handled. Depending on the available update and device compatibility, you can configure behavior such as downloading and installing the update, installing it later, or notifying the user.

This is especially useful when:

– You are updating developer or user-facing machines where an unexpected restart could interrupt active work.
– You need a compliance window or grace period before enforcement.
– You are deploying a major OS update that may take significant time to complete.
– You want more predictable control than a direct Update OS remote action or automation.

Before deploying to all devices, check whether the required version or patch is applicable to the target Macs. You can do this from the Patches section by checking Applicable Patches and verifying how many devices are missing the required update. It is also recommended to test the policy on one device before assigning it to the full group.

Regards,
Sienna Carter
Hexnode UEM

Participant
2 weeks ago Jun 07, 2026

That makes sense. So if we decide to update everything to the latest version instead, would automation be fine? My concern is that automation seems to continue with the install once the download is done.

Hexnode Expert
2 weeks ago Jun 07, 2026

Hi @mo-chou,

Yes, automation can work well when the goal is to move devices to the latest available update quickly, especially for standard endpoints or urgent security patches.

However, it is less ideal when user interruption matters or when you need tighter control over restart timing. For example, if users are actively working, compiling code, or running long tasks, an enforced install and reboot can be disruptive.

A practical way to choose is:

– Use an OS Updates policy when you need controlled rollout, user notification, install deferral, maintenance timing, or a grace period.
– Use automation or the Update OS remote action when you need a faster push to the latest update and user disruption is acceptable.
– For urgent zero-day or critical minor security updates, automation may be preferred because speed and compliance are more important than user convenience.

For a one-version-behind requirement, avoid using a generic Update OS action if it would install the latest available version instead of the required version.

Regards,
Sienna Carter
Hexnode UEM

Participant
2 weeks ago Jun 08, 2026

Thanks, that helped.
