Managed OS for macOS Compatibility and Installation Mechanisms
Understand compatibility and installation mechanisms for Managed OS on macOS
This guide applies to Mac computers
Managed OS is a feature in Iru Endpoint that lets you specify a minimum macOS version a supervised Mac must run and enforce updates when that minimum is not met. The experience is similar to Auto Apps.
Managed OS uses Declarative Device Management (DDM) to deliver and enforce macOS updates. The operating system handles downloading, caching, user notifications, and installation. You can offer major macOS upgrades via Self Service (install on-demand from Self Service) or have them enforced automatically. For more on how DDM and Managed OS work together, see Declarative Device Management and Managed OS.Update types you can manage include:
Minor and patch updates (e.g., 14.2.1 → 14.3)
Major version upgrades (e.g., macOS 14 → 15)
Background Security Improvements — Lightweight security updates from Apple (Safari, WebKit, system libraries) delivered between full OS updates.
Managed OS for macOS is not compatible with blocking the Software Update System Settings pane via any method; doing so can produce unexpected behavior.
If you use Automatically Enforce New Updates, the enforcement schedule is based on Apple’s release date. For example, with a 2-week timeline, if Apple has not released a new update in the last 2 weeks, at the next check-in the system may begin enforcing the latest available update. Out-of-date Mac computers would then see the countdown and be required to update and restart.For your first time enforcing a minimum macOS version on your fleet, Iru Endpoint recommends using Manually Enforce Minimum Version and setting the enforcement deadline at least 5 days away so users get advance notifications instead of an immediate requirement.
To avoid conflicts with pre-downloading and caching, if you use Managed OS, turn off automatic download of updates in any Software Update Library Items used in the same Blueprint.
