This guide applies to Mac computers
About Managed OS for macOS
Managed OS for macOS deploys and enforces macOS updates across your fleet of Mac computers via Declarative Device Management (DDM). You can offer major macOS upgrades on-demand from Self Service or have them enforced automatically. When you configure Managed OS, Iru declares the required macOS version and deadline; macOS handles download, caching, notifications, and installation. Iru handles:- Update detection: Iru monitors for available macOS updates from Apple
- Download and caching: Updates are automatically downloaded and cached on devices
- User notification: Users are notified of pending updates with enforcement deadlines
- Automatic installation: Updates are installed according to your configured schedule
- Compliance monitoring: Iru tracks which devices have successfully updated
Enabling Managed OS for macOS in your Library
To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.Enabling Multiple Managed OS Library Items
When using Iru Endpoint, you can add the same Managed OS version to your Library multiple times. This is helpful when configuring different settings for various Blueprints or creating distinct update settings for nodes in an Assignment Map. To differentiate between these copies, you can use labels. See Library Item Labels in Library Overview for steps.Configuring Managed OS for macOS
Add Label
Add a Label to easily identify this instance of Managed OS for macOS in your Library. While these labels won’t be visible to end users, they will appear throughout the Iru Endpoint Web App. See Library Item Labels in Library Overview for steps.
Assign to Blueprints
Assign to your desired Blueprints.
Configure Installation Method
Configure the way upgrade installations of this major version of macOS should be enforced:
- Continuously Enforce will automatically initiate an upgrade on older versions of macOS, or users can upgrade on their own if they choose to
- Install on-demand from Self Service. This option can easily be differentiated between Blueprints by making additional copies of the same Managed OS for macOS
Configure Version Enforcement
Under Updates, select an option for Version Enforcement. Available options include the following:
Do Not Manage
This option will not manage macOS updates. It cannot be selected if you’ve chosen to Continuously Enforce upgrades, as it also determines the schedule and conditions for upgrading.Rolling enforcement
Select Within (1 day, 2 days, 1 week, 2 weeks, 3 weeks, 1 month, 2 months, or 3 months) of release and at a time for enforcement.Manually Enforce Minimum Version
Specify the minimum macOS version a Mac should be running and the Enforcement Deadline date by which users must update. No updates will be enforced if a Mac is already running a macOS version greater than the specified minimum. You will also select an Enforcement Time.Enforce a Specific Version
Uses the same version selection dropdown and enforcement scheduling fields as Manually Enforce Minimum Version—select a Specific version, an Enforcement Deadline (on), and an Enforcement Time (at). Unlike Manually Enforce Minimum Version, this option enforces that exact macOS version rather than a minimum floor.Configure Background Security Improvements Enforcement
Under Background Security Improvements Enforcement, choose whether to automatically enforce these updates when Apple makes them available. Options:
- None: Background Security Improvements will not be enforced.
- Automatically enforce: Choose the enforcement timeframe and local time for enforcement.
Set Background Security Improvements Enforcement Timeframe
Select an Enforcement timeframe for Background Security Improvements.
Configure Background Security Improvements Enforcement Time
Select an Enforcement Time, the time of day Background Security Improvements are enforced in the device’s local time zone.
Background Security Improvements apply only to Mac computers on the latest macOS version; users must be on the latest macOS before these updates can be enforced. Background Security Improvements use Declarative Device Management for enforcement.
Related Articles
Understanding Issues with Managed OS for macOS
Understand how Managed OS works with DDM and macOS when troubleshooting updates
Understanding Managed OS for Apple Platforms
Understand how Managed OS enforcement works on Apple devices
Managed OS for macOS Compatibility and Installation Mechanisms
Understand compatibility and installation mechanisms for Managed OS on macOS
Declarative Device Management and Managed OS
About Apple DDM and Managed OS in Iru Endpoint
macOS Managed OS User Experience
What to expect when using Managed OS on Mac computers
OS Update Strategies: OS Deferral Restriction and Managed OS
Compare different OS update management strategies
Delay and Enforce OS Updates
Configure OS update delays and enforcement policies
Configure the Windows Update Library Item
Manage Windows Update settings and the end-user update experience on Windows devices