Category filter
Configure macOS Software Update Preferences with Hexnode
This doc helps you configure macOS Software Update Preferences as part of managing Patches and Updates on devices. The feature assists IT administrators in managing the checking, downloading, installing, and deferring of macOS software updates.
The Software Update Preferences Policy determines the type of system updates macOS devices should receive and when they should receive them. The policy enables IT admins to defer updates, granting them the flexibility to test and verify compatibility before implementing them across the organization.
This feature is available on Hexnode UEM’s Ultra subscription plan.
Create macOS Software Update Preferences Policy
Here’s how you configure macOS Software Update Preferences from Hexnode UEM.
- Log in to your Hexnode UEM portal.
- Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
- Go to macOS > Patches & Updates > Software Update Preferences. Click Configure.
- You can configure the following Software Update Preferences:
Automatically check for new updates:
Specify whether to enable or disable the “Check for updates” option on the device and prevent users from changing it.
Automatically download new updates:
Specify whether to enable or disable the “Download new updates when available from the App Store” option for macOS 10.13 and lower. On macOS 10.14 and higher, this option specifies whether to enable or disable the “Download new updates when available” option. Once configured, users will not be able to change the option on the device.
Automatically install macOS updates:
Specify whether to enable or disable the “Install macOS updates” option and prevent users from changing this setting on the device.
Automatically install app updates:
Specify whether to enable or disable the “Install app updates from the App Store” option and prevent users from changing this setting on the device.
Automatically install critical updates:
Specify whether to enable or disable the “Install system data files and security updates” option for macOS versions below 13. On macOS 13 and higher, this option specifies whether to enable or disable the “Install Security Responses and system files” option. Once configured, users will not be able to change the option on the device.
Automatically install configuration data:
Specify whether to enable or disable the automatic installation of configuration data.
Install pre-release software:
Specify whether to allow or deny users to download and install beta software through the Apple Beta Software Program.
Force admin privilege requirement for software update:
Specify whether admin user credentials should be mandated to install new software or updates to existing software. If enabled, all software installations including application installations and application updates will require consent from an admin user.
Install Rapid Security Responses:
Specify whether to enable or disable the installation of rapid security responses for devices running on macOS 13 and later.
Allow removal of Rapid Security Responses:
Specify whether to enable or disable the removal of rapid security responses for devices running on macOS 13 and later.
Defer Software Updates
You can set the delay (in days) before an update is accessible for users to download since its release date. The upgrade/update can be deferred for up to a maximum of 90 days.This allows you to determine when users receive updates, providing you with the opportunity to test and ensure compatibility before widespread deployment.
Defer major upgrades:
Specify whether user visibility of major upgrades to OS software should be delayed for devices running on macOS 11.3 and later. If enabled, this will postpone user visibility of major upgrades to OS software. The delay period can be specified between 1 to 90 days.
Defer minor upgrades:
Specify whether user visibility of each software update should be delayed for devices running on macOS 11.3 and later. If enabled, this will postpone user visibility of each software update, except for seed build updates, which are allowed without delay. The delay period can be specified between 1 to 90 days.
Defer app upgrades:
Specify whether user visibility of each non-OS software update should be delayed for devices running on macOS 11.3 and later. If enabled, this will postpone user visibility of each non-OS software update. The delay period can be specified between 1 to 90 days.
To associate the Software Update Preferences policy with target macOS devices, follow these steps:
If you haven’t saved the policy yet:
- Navigate to the Policy Targets.
- Click on Devices, Device Groups, Users, User Groups, or Domains.
- Select the desired targets and click OK.
- Click Save to apply the policy to the chosen targets.
If you’ve already saved the policy without associating any target devices:
- Go to the Policies tab and select the policy.
- Click on the Manage drop-down menu and choose Associate Targets.
- Select the devices, users, device groups, user groups, and domains you want to associate with the policy.
- Click Associate to apply the policy to the chosen targets.
What happens at the device end?
The changes made to the following options in the policy will be reflected in the macOS device under Automatic Updates/Advanced in Software Update Preferences.
- Automatically check for new updates
- Automatically download new updates
- Automatically install macOS updates
- Automatically install app updates
- Automatically install critical updates
The remaining options, when configured, will have their respective effects on the device’s software update behavior.
