This guide applies to Mac computers
About Managed OS for macOS
Managed OS for macOS allows you to automatically deploy and enforce macOS updates across your fleet of Mac computers. Updates are delivered via Declarative Device Management (DDM). You can offer major macOS upgrades on-demand from Self Service or have them enforced automatically. Instead of manually managing macOS updates, you configure Iru Endpoint to handle the update process according to your specified schedule.How It Works
Iru Endpoint uses Declarative Device Management (DDM) to deliver and enforce macOS updates. The operating system handles download, caching, notifications, and installation. When you configure Managed OS, Iru declares the required macOS version and deadline and macOS enforces it. Iru handles:- Update detection — Iru monitors for available macOS updates from Apple
- Download and caching — Updates are automatically downloaded and cached on devices
- User notification — Users are notified of pending updates with enforcement deadlines
- Automatic installation — Updates are installed according to your configured schedule
- Compliance monitoring — Iru tracks which devices have successfully updated
Enabling Managed OS for macOS in your Library
To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.Enabling Multiple Managed OS Library Items
When using Iru Endpoint, you can add the same Managed OS version to your Library multiple times. This is helpful when configuring different settings for various Classic Blueprints or creating distinct update settings for nodes in an Assignment Map. To differentiate between these copies, you can use labels.Configuring Managed OS for macOS
Add Label
Add a Label to easily identify this instance of Managed OS for macOS in your Library. While these labels won’t be visible to end users, they will appear throughout the Iru admin interface.
Assign to Blueprints
Assign to your desired Blueprints.
Configure Installation Method
Configure the way upgrade installations of this major version of macOS should be enforced:
- Continuously Enforce will automatically initiate an upgrade on older versions of macOS, or users can upgrade on their own if they choose to
- Install on-demand from Self-Service. This option can easily be differentiated between Blueprints by making additional copies of the same Managed OS for macOS
Configure Version Enforcement
Under Upgrades, select an option for Version Enforcement. Available options include the following:
- Do Not Manage: This option will not manage macOS updates. It cannot be selected if you’ve chosen to Continuously Enforce upgrades, as it also determines the schedule and conditions for upgrading.
- Automatically Enforce New Updates: You will also select a Time frame in which new updates will be enforced.
- Manually Enforce Minimum Version: Specify the minimum macOS version a Mac should be running and the Enforcement Deadline date by which users must update. No updates will be enforced if a Mac is already running a macOS version greater than the specified minimum.
Understand Version Enforcement
Automatically Enforce New Updates and Manually Enforce a Minimum Version set a minimum macOS version, or “floor,” to compare a Mac computer’s macOS version to determine if it should update. The floor is automatically calculated based on the date Apple releases an update. When updating, Iru Endpoint always installs the latest available version of macOS that is approved by Iru (which is displayed in the upper-right-hand corner of the Library Item).When a new update is released in Iru Endpoint, it will be automatically cached on your users’ devices as soon as it is available. After the macOS installer is successfully cached, users will be notified of the pending installation. They will continue to be notified each day leading up to enforcement. The Iru menu app displays rounded days (so if an update will be enforced in 7.6 days, 8 days is displayed).
Configure Enforcement Time
Select an Enforcement Time, which will be the exact time of day that the update is enforced; the enforcement will be determined server-side based on the selected Enforcement Time Zone.
Select Time Zone
Select an Enforcement Time Zone to determine when to enforce the update. This is only for upgrades from macOS 13 and earlier.
Configure Background Security Improvements Enforcement
Under Background Security Improvements Enforcement, choose whether to automatically enforce these updates when Apple makes them available. Options:
- None: Background Security Improvements will not be enforced.
- Automatically enforce: Choose the enforcement timeframe and local time for enforcement.
Set Background Security Improvements Enforcement Timeframe
Select an Enforcement timeframe for Background Security Improvements.
Configure Background Security Improvements Enforcement Time
Select an Enforcement Time, which will be the exact time of day that Background Security Improvements are enforced; the enforcement will be determined server-side based on the previously selected Enforcement Time Zone.
Background Security Improvements apply only to Mac computers on the latest macOS version; users must be on the latest macOS before these updates can be enforced. Background Security Improvements use Declarative Device Management for enforcement.