macOS Big Sur introduces new ways to manage macOS updates with MDM, replacing options in earlier macOS versions and offering new options to provide more control for administrators.
In macOS Catalina and earlier, you can configure a custom software update server URL to control which updates are offered to clients. You can also use the
softwareupdate command to ignore specific updates. In macOS Big Sur, these methods are replaced by MDM restrictions that allow you to delay updates for up to 90 days.
You can still use
softwareupdate --ignore on macOS Catalina 10.15.7 or macOS Mojave 10.14.6 clients to prevent installation of macOS Big Sur, but the
--ignore option is no longer available in macOS Big Sur.
Manage when updates are available
To configure delayed software updates for macOS with MDM, use the Restrictions payload. In macOS Big Sur, you can also delay updates to apps like Safari. By default, updates are delayed for 30 days when these options are enabled, and you can delay the update for up to 90 days. Your macOS clients will receive updates automatically when the delay expires. More information about delay expirations for Apple updates is available in the Mobile Device Management Settings documentation.
Install updates on demand
If you need to deploy updates while a delay is active, MDM commands allow you to download and install specific updates on demand without changing delay settings. macOS Big Sur adds new options to give you even more control over install actions.
You can use MDM commands to tell macOS clients to download updates in the background, to install previously downloaded updates, or to send a default instruction that allows the client to take appropriate action based on its current state.
For macOS Big Sur clients, new MDM commands can tell clients to download an update and notify the user in the App Store when the update is ready to install, or simply download the update and install it at a later time. If an update requires a restart, you can use a command to force a macOS restart with no user interaction.
If you force a restart, data loss may occur.
Manage client settings
You can manage additional macOS client settings using the Software Update payload, which allows you to control whether macOS clients check for and install updates automatically, whether a client can install prerelease software, and more. This payload also lets you set client options and prevent end users from making changes to your settings.
For details on using any of the payload settings or commands described, consult your MDM provider documentation.