Category filter

How to deploy Patches and Updates manually on macOS devices?

Maintaining up-to-date software is crucial for the security and stability of macOS devices. With Hexnode UEM, IT administrators can manually deploy patches and updates, ensuring full control over which updates are installed, on which devices, and when. The Deployments feature streamlines this process by allowing administrators to select, schedule, and assign updates to specific device or user groups, ensuring a controlled and efficient rollout.

Manual deployment allows administrators to review available updates and selectively push them as needed. This ensures flexibility in managing updates, reducing the risk of disruptions caused by unexpected compatibility issues.

Manual deployment is particularly useful when organizations need precise control over the rollout process, such as when testing updates on specific devices before wider deployment or addressing critical fixes without waiting for scheduled updates.

Steps to deploy patches manually

  1. Log in to Hexnode UEM.
  2. Navigate to the Deploy tab, click on New Deployment, and select macOS as the platform.
  3. Basic

    Provide the following details:

    • Name: Enter a name for the deployment.
    • Description: Add a brief description to clarify the deployment’s intent or scope (optional).

  4. Click Next.
  5. Action

    Select Patches and Updates – Manual to deploy OS and app updates to macOS devices.

    Configuring patches and updates involves two steps:

    1. Choose update categories to target

      You can select the type of updates to deploy, either OS Updates or Apps.

      OS Updates

      When choosing OS Updates for macOS devices, you can specify the type of updates to deploy:

      • Rapid Security Responses – Delivers critical security fixes without requiring a full software update.
      • Major Updates – Introduces significant OS upgrades with changes in functionality, user interface, and general appearance.
      • Minor Updates – Includes performance improvements, security patches, and bug fixes.
      • Firmware Updates – Updates low-level software embedded in hardware components, enabling performance improvements, bug fixes, and security enhancements.
      • Config Data Updates – These are modifications to system or application configuration settings stored in property list (plist) files. These updates can alter default application behaviour, system-wide settings, or user preferences.

      App Updates

      When selecting Apps, you can define the type of applications to be updated:

      • VPP Apps – Updates for apps distributed through Apple’s Volume Purchase Program (VPP).

        Note:

        For deploying updates to VPP apps, the app must already be installed on the device; otherwise, the update deployment will fail.

      • System Apps – Updates for pre-installed system applications.
    2. Select updates to deploy

      This section displays the available updates for macOS and Apps, allowing you to select multiple updates for deployment.

      For OS Updates, you can search using:

      • Update name
      • GUID

      For Apps updates, you can search using:

      • Update name
      • App identifier
      • Publisher

      Additionally, you can also control the behaviour of OS Updates by choosing one of the following actions.

      • Notify Only – Alerts the user about an available OS update via the App Store.
      • Download Only – Downloads the OS update without installing it.
      • Download and Install – Downloads the update and begins installation immediately. If the update is already downloaded, installation starts right away.
      • Install Immediately – Installs the already downloaded OS update.
      • Install and Force Restart – Installs the OS update and forces the device to restart.

  6. Once the actions are selected, click Next.
  7. Settings and Schedule

    Configure deployment scheduling and related settings here.

    • Trigger: Defines the condition that initiates the deployment. For macOS devices, only the “Time” trigger is available.
    • Initiate: Set the deployment initiation frequency. Choose from:
      • Once, ASAP – Executes the deployment immediately after creation.
      • Once – Runs the deployment at a specified date and time.
      • Repeat at a set schedule – Repeats the deployment based on a defined frequency.

    Scheduling options:

    • Scheduled Date (for the Once option) – Select a specific date for deployment initiation in MM/DD/YYYY format.
    • Scheduled Day (for the Repeat at a set schedule option) – Choose how often the deployment repeats:
      • Everyday – Triggers the deployment daily.
      • Selected days – Runs on specific days of the week.
      • Monthly – Executes on a specific day each month (e.g., the 10th).
    • Scheduled Time (for both Once and Repeat at a set schedule options) – Set the exact time for deployment execution in HH:MM format and select the time zone.

  8. Once you have configured the Settings and Schedule, click Next. On the following page, you can define the target filters.
  9. Target Filters

    Configure target filters in this section. Specify options for Included groups, Excluded groups, and custom filters by selecting the Filters option.

    Included groups

    Select device or user groups to which the deployment has to apply to. Click Add Groups to view and choose from the available device and user groups in your Hexnode UEM portal. At least one device or user group must be selected to proceed with the deployment.

    Excluded groups

    Select device or user groups to exclude from the deployment. Click Add Groups to display the available groups for exclusion.

    Note:

    If a device or user belongs to groups that are present in both the Included and Excluded lists, the deployment will not be applied to that device/user. This ensures that conflicting assignments do not occur, maintaining consistency in deployment.

    Filters

    Create custom filters based on the following categories:

    • Device – Attributes specific to the device.
    • User – Attributes related to users assigned to the devices.
    • Network – Attributes related to the device’s network.
    • Device Status – Attributes concerning compliance and operational status.

    Configuring Filters

    Set the following fields to define filter conditions:

    • Select Column – Choose a category for filtering. Relevant sub-categories appear based on your selection.
    • Select Comparator – Define the comparison method.
    • Select Value – Specify the filtering criteria.

    Below is a list of available filter categories and their corresponding sub-categories:

    Main category Sub- categories
    Device
    • Apple DEP
    • Asset tag
    • Available internal storage
    • Battery level
    • BitLocker Policy Compliance
    • Department
    • Device ID
    • Device model
    • Device notes
    • Device type
    • Encryption Status
    • Enrolled time
    • Enterprise Management Type
    • Installed RAM
    • Last checked-in time
    • Manufacturer
    • MEID
    • OS name
    • OS version
    • Ownership
    • Platform
    • Processor name
    • Serial number
    • Supervision
    • Total internal storage
    • TPM version
    • UDID
    • Used internal storage
    User
    • Alternate email
    • Department (AD)
    • Domain name
    • Email
    • Office location (AD)
    • sAMAccountName
    • Title (AD)
    • User type
    • Username
    Network
    • Bluetooth MAC address
    • Current carrier network SIM 1
    • Current carrier network SIM 2
    • Current MCC
    • Current MNC
    • Ethernet IP Address
    • Ethernet MAC address
    • Home carrier
    • Home country
    • ICCID SIM 1
    • ICCID SIM 2
    • IMEI SIM 1
    • IMEI SIM 2
    • IMSI
    • International data roaming
    • Last connection date
    • Personal Hotspot
    • Phone number SIM 1
    • Phone number SIM 2
    • Roaming enabled
    • SIM carrier network
    • Subscriber carrier network (iOS)
    • Subscriber MCC
    • Subscriber MNC
    • Wi-Fi IP Address
    • Wi-Fi MAC address
    • Wi-Fi SSID
    Device Status
    • Activity status
    • Application compliance status
    • Compliance status
    • Enrollment status
    • Geofence compliance status
    • Jailbroken
    • Kiosk mode
    • Lost mode
    • MDM profile
    • Password compliance status
    • Rooted
    1. After selecting the desired sub-category, a comparator must be chosen.

      Notes:


      The available comparators vary depending on the selected sub-category.

      For example, if Apple DEP is chosen as the sub-category, the available comparators are Is and Is not.

    2. After selecting the comparator, the value for comparison must be chosen or entered.

      In the case of the Apple DEP sub-category, the available options are Disabled and Enabled.

      Notes:
      • You can add nested filters using the ‘+’ icon along with the AND operator. To remove a filter, simply click the trash icon next to the ‘+’ icon.

      • When dealing with multiple filters, there are two available operator options: “AND” and “OR“.

      • Choosing AND means that devices must meet the criteria set by all the filters. On the other hand, selecting OR allows the deployment to apply to devices that meet at least one of the criteria from the filters.

  10. After setting the filters, click Next.
  11. Review the configured deployment settings. Click Edit to modify any section if needed.
  12. Once you have reviewed the deployment, click Save.

Once a Manual Patch Deployment is created, you can track its status and make modifications if needed from the Deployments subtab under the Patches and Updates tab.

  • Patches and Updates