Apple configurator 2 jamf pro

12/16/2023

I wait for Security to determine the risk of the vulnerability. Not all 0 days are critical to all organizations as some have other mitigating factors. My org did assess the risk and said patch.

Hour 0 - Remove all software update deferrals.
Hour 2 - After allowing time for the Configuration Profiles to do their thing, I notify users to self update.
Hour 4 - Run a policy on recurring check-in once a day to force a recon to identify the number of devices that are patching.
Day 2 - Send the Install All Update Force Restart mass action.
Day 5 - Notify users of the update again if their device has not updated, and warn them of restrictions for noncompliance.
Day 6 - Update the minimum required OS in a smart group which software restrictions target to force user engagement for any devices that fail to patch.

With how horrible Apple Operating Systems are at allowing us to reliably install OS updates, I usually defer to users for critical updates. Then I will attempt to issue the MDM command to install updates, which unfortunately has about a 30% fail rate, which is just too high.

For users who refuse to patch on devices that don't want to update with MDM commands, I have a series of software restrictions in place to block many of our core applications. When a user tries to open the app they are told to run OS updates.

I use JAMF Helper to notify users, and set the policy to run once a day on devices not running the desired OS. I need to update this script to check the OS version and exit out if the OS is compliant rather than relying on JAMF data, but it works as is. If on Ventura the script will open System Settings Software Update. I also need to add an if statement to open System Preferences Software Update for Monterey and older, but I did not have time to before putting the script in place.

#* FileName: Notifications: MacOS Update Security Compliance
#* Script Name: Notifications: MacOS Update Security Compliance
JamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"

Technology has identified your computer as needing an important update to $OSVersion to patch Security Vulnerabilities. Your Mac will receive the $OSVersion $Date and will be forced to reboot to install it. You will not receive notification prior to the reboot due to the urgency of this update. The update to be installed is $OSVersion
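
The two pieces the post says the script still lacks, a local OS-version check that exits when the Mac is already compliant and a branch for Monterey and older, sketched as an added example (this is not the author's script). The minimum version 13.6.1, reading it from Jamf script parameter 4, the function names, and the two Software Update pane targets are assumptions.

```sh
#!/bin/sh
# Added example, not the original script. Function names are hypothetical.

# is_version STRING: succeeds only for dotted numeric versions such as 13.6.1.
is_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# version_ge CURRENT REQUIRED: succeeds when CURRENT >= REQUIRED.
# Compares field by field as integers (13.10 > 13.9); missing fields count as 0.
version_ge() {
    _cur=$1 _req=$2
    while [ -n "$_cur" ] || [ -n "$_req" ]; do
        _c=${_cur%%.*}; _r=${_req%%.*}
        case $_cur in *.*) _cur=${_cur#*.} ;; *) _cur= ;; esac
        case $_req in *.*) _req=${_req#*.} ;; *) _req= ;; esac
        _c=${_c:-0}; _r=${_r:-0}
        if [ "$_c" -gt "$_r" ]; then return 0; fi
        if [ "$_c" -lt "$_r" ]; then return 1; fi
    done
    return 0
}

# update_pane_for MAJOR: prints what to hand to `open` for Software Update.
# Assumed targets: System Settings on Ventura (13) and later, the
# System Preferences pane on Monterey and older.
update_pane_for() {
    if [ "$1" -ge 13 ]; then
        echo "x-apple.systempreferences:com.apple.Software-Update-Settings.extension"
    else
        echo "/System/Library/PreferencePanes/SoftwareUpdate.prefPane"
    fi
}

# Runs only where sw_vers exists (macOS). 13.6.1 is a constructed sample value;
# Jamf passes custom script parameters starting at $4.
if command -v sw_vers >/dev/null 2>&1; then
    required=${4:-13.6.1}
    current=$(sw_vers -productVersion)
    is_version "$current" && is_version "$required" || exit 2
    version_ge "$current" "$required" && exit 0   # compliant: no prompt needed
    open "$(update_pane_for "${current%%.*}")"
fi
```

Checking the version on the device means a Mac that patched after its last inventory update is not prompted again on stale Jamf data.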