This guide applies to Mac computers
About Managed OS for macOS
Managed OS for macOS allows you to automatically deploy and enforce macOS updates across your fleet of Mac computers. Instead of manually managing OS updates, you can configure Iru Endpoint to handle the entire update process, including downloading, caching, and installing updates according to your specified schedule.How It Works
Iru Endpoint manages macOS updates through a combination of MDM commands and local agent coordination. When you configure Managed OS, Iru handles the entire update lifecycle:- Update detection - Iru monitors for available macOS updates from Apple
- Download and caching - Updates are automatically downloaded and cached on devices
- User notification - Users are notified of pending updates with enforcement deadlines
- Automatic installation - Updates are installed according to your configured schedule
- Compliance monitoring - Iru tracks which devices have successfully updated
Enabling Managed OS for macOS in your Library
To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.Enabling Multiple Managed OS Library Items
When using Iru Endpoint, you can add the same Managed OS version to your Library multiple times. This is helpful when configuring different settings for various Classic Blueprints or creating distinct update settings for nodes in an Assignment Map. To differentiate between these copies, you can use labels.Configuring Managed OS for macOS
Managed OS for macOS is not compatible with blocking the Software Update System Preferences pane via any method, and doing so can produce unexpected behavior.
1
Add Label
Add a Label to easily identify this instance of Managed OS for macOS in your Library. While these labels won’t be visible to end users, they will appear throughout the Iru admin interface.
Screenshot needed: Add a screenshot showing the Label field in the Managed OS configuration interface where admins can add descriptive labels to differentiate multiple instances of the same Managed OS item.
2
Assign to Blueprints
Assign to your desired Blueprints.
Screenshot needed: Add a screenshot showing the Blueprint assignment interface where admins can select which Blueprints to assign the Managed OS configuration to.
3
Configure Installation Method
Configure the way upgrade installations of this major version of macOS should be enforced:
- Continuously Enforce will automatically initiate an upgrade on older versions of macOS, or users can upgrade on their own if they choose to
- Install on-demand from Self-Service. This option can easily be differentiated between Blueprints by making additional copies of the same Managed OS for macOS
1
Configure Version Enforcement
Under Upgrades, select an option for Version Enforcement. Available options include the following:
- Do Not Manage: This option will not manage OS updates. It cannot be selected if you’ve chosen to Continuously Enforce upgrades, as it also determines the schedule and conditions for upgrading.
- Automatically Enforce New Updates: You will also select a Time frame in which new updates will be enforced.
- Manually Enforce Minimum Version: Specify the minimum version a device should be running and the Enforcement Deadline date by which users must update. No updates will be enforced if a device is already running an OS version greater than the specified minimum.
2
Understand Version Enforcement
Automatically Enforce New Updates and Manually Enforce a Minimum Version set a minimum OS version, or “floor,” to compare a device’s OS version to determine if it should update. The floor is automatically calculated based on the date Apple releases an update. When updating, Iru Endpoint always installs the latest available version of macOS that is approved by Iru (which is displayed in the upper-right-hand corner of the Library Item).When a new update is released in Iru Endpoint, it will be automatically cached on your users’ devices as soon as it is available. After the macOS installer is successfully cached, users will be notified of the pending installation. They will continue to be notified each day leading up to enforcement. The Iru menu app displays rounded days (so if an update will be enforced in 7.6 days, 8 days is displayed).
3
Set Enforcement Date
Select an Enforcement Date.
4
Configure Enforcement Time
Select an Enforcement Time, which will be the exact time of day that the update is enforced; the enforcement will be determined server-side based on the selected Enforcement Time Zone.
5
Select Time Zone
Select an Enforcement Time Zone to determine when to enforce the update. This is only for upgrades from macOS 13 and earlier.
6
Configure RSR Enforcement
Under Rapid Security Response (RSR) Enforcement, select an option for RSR Enforcement. Available options include the following:
- None: RSR updates will not be enforced.
- Automatically enforce new RSR updates: If Automatically enforce is selected, the admin must choose the enforcement timeframe and local time for enforcement.
7
Set RSR Enforcement Timeframe
Select an Enforcement timeframe for Rapid Security Response updates.
8
Configure RSR Enforcement Time
Select an Enforcement Time, which will be the exact time of day that the RSR update is enforced; the enforcement will be determined server-side based on the previously selected Enforcement Time Zone.
9
Save Configuration
Click Save.
Because Rapid Security Responses are only applicable for the latest OS, users will be required to first update to the latest OS version before an RSR can be enforced. RSR uses Declarative Device Management for enforcement.
As of Nov 29, 2023, Iru Endpoint uses DDM for Managed OS for macOS Sonoma, iOS 17, and iPadOS 17 and later.
- OS Update Strategies: OS Deferral Restriction and Managed OS - Compare different OS update management approaches
- Delay and Enforce OS Updates - Alternative OS update management using standard MDM profiles