Category filter
How to deploy Patches and Updates manually on macOS devices?
Maintaining up-to-date software is crucial for the security and stability of macOS devices. With Hexnode UEM, IT administrators can manually deploy patches and updates, ensuring full control over which updates are installed, on which devices, and when. The Deployments feature streamlines this process by allowing administrators to select, schedule, and assign updates to specific device or user groups, ensuring a controlled and efficient rollout.
Manual deployment allows administrators to review available updates and selectively push them as needed. This ensures flexibility in managing updates, reducing the risk of disruptions caused by unexpected compatibility issues.
Manual deployment is particularly useful when organizations need precise control over the rollout process, such as when testing updates on specific devices before wider deployment or addressing critical fixes without waiting for scheduled updates.
Steps to deploy patches manually
- Log in to Hexnode UEM.
- Navigate to the Deploy tab, click on New Deployment, and select macOS as the platform.
- Name: Enter a name for the deployment.
- Description: Add a brief description to clarify the deployment’s intent or scope (optional).
- Click Next.
-
Choose update categories to target
You can select the type of updates to deploy, either OS Updates or Apps.
OS Updates
When choosing OS Updates for macOS devices, you can specify the type of updates to deploy:
- Rapid Security Responses – Delivers critical security fixes without requiring a full software update.
- Major Updates – Introduces significant OS upgrades with changes in functionality, user interface, and general appearance.
- Minor Updates – Includes performance improvements, security patches, and bug fixes.
- Firmware Updates – Updates low-level software embedded in hardware components, enabling performance improvements, bug fixes, and security enhancements.
- Config Data Updates – These are modifications to system or application configuration settings stored in property list (plist) files. These updates can alter default application behaviour, system-wide settings, or user preferences.
App Updates
When selecting Apps, you can define the type of applications to be updated:
- VPP Apps – Updates for apps distributed through Apple’s Volume Purchase Program (VPP).
- System Apps – Updates for pre-installed system applications.
-
Select updates to deploy
This section displays the available updates for macOS and Apps, allowing you to select multiple updates for deployment.
For OS Updates, you can search using:
- Update name
- GUID
For Apps updates, you can search using:
- Update name
- App identifier
- Publisher
Additionally, you can also control the behaviour of OS Updates by choosing one of the following actions.
- Notify Only – Alerts the user about an available OS update via the App Store.
- Download Only – Downloads the OS update without installing it.
- Download and Install – Downloads the update and begins installation immediately. If the update is already downloaded, installation starts right away.
- Install Immediately – Installs the already downloaded OS update.
- Install and Force Restart – Installs the OS update and forces the device to restart.
- Once the actions are selected, click Next.
- Trigger: Defines the condition that initiates the deployment. For macOS devices, only the “Time” trigger is available.
- Initiate: Set the deployment initiation frequency. Choose from:
- Once, ASAP – Executes the deployment immediately after creation.
- Once – Runs the deployment at a specified date and time.
- Repeat at a set schedule – Repeats the deployment based on a defined frequency.
- Scheduled Date (for the Once option) – Select a specific date for deployment initiation in MM/DD/YYYY format.
- Scheduled Day (for the Repeat at a set schedule option) – Choose how often the deployment repeats:
- Everyday – Triggers the deployment daily.
- Selected days – Runs on specific days of the week.
- Monthly – Executes on a specific day each month (e.g., the 10th).
- Scheduled Time (for both Once and Repeat at a set schedule options) – Set the exact time for deployment execution in HH:MM format and select the time zone.
- Once you have configured the Settings and Schedule, click Next. On the following page, you can define the target filters.
- Device – Attributes specific to the device.
- User – Attributes related to users assigned to the devices.
- Network – Attributes related to the device’s network.
- Device Status – Attributes concerning compliance and operational status.
- Select Column – Choose a category for filtering. Relevant sub-categories appear based on your selection.
- Select Comparator – Define the comparison method.
- Select Value – Specify the filtering criteria.
- Apple DEP
- Asset tag
- Available internal storage
- Battery level
- BitLocker Policy Compliance
- Department
- Device ID
- Device model
- Device notes
- Device type
- Encryption Status
- Enrolled time
- Enterprise Management Type
- Installed RAM
- Last checked-in time
- Manufacturer
- MEID
- OS name
- OS version
- Ownership
- Platform
- Processor name
- Serial number
- Supervision
- Total internal storage
- TPM version
- UDID
- Used internal storage
- Alternate email
- Department (AD)
- Domain name
- Office location (AD)
- sAMAccountName
- Title (AD)
- User type
- Username
- Bluetooth MAC address
- Current carrier network SIM 1
- Current carrier network SIM 2
- Current MCC
- Current MNC
- Ethernet IP Address
- Ethernet MAC address
- Home carrier
- Home country
- ICCID SIM 1
- ICCID SIM 2
- IMEI SIM 1
- IMEI SIM 2
- IMSI
- International data roaming
- Last connection date
- Personal Hotspot
- Phone number SIM 1
- Phone number SIM 2
- Roaming enabled
- SIM carrier network
- Subscriber carrier network (iOS)
- Subscriber MCC
- Subscriber MNC
- Wi-Fi IP Address
- Wi-Fi MAC address
- Wi-Fi SSID
- Activity status
- Application compliance status
- Compliance status
- Enrollment status
- Geofence compliance status
- Jailbroken
- Kiosk mode
- Lost mode
- MDM profile
- Password compliance status
- Rooted
- After selecting the desired sub-category, a comparator must be chosen.
For example, if Apple DEP is chosen as the sub-category, the available comparators are Is and Is not.
- After selecting the comparator, the value for comparison must be chosen or entered.
In the case of the Apple DEP sub-category, the available options are Disabled and Enabled.
- After setting the filters, click Next.
- Review the configured deployment settings. Click Edit to modify any section if needed.
- Once you have reviewed the deployment, click Save.
Provide the following details:
Select Patches and Updates – Manual to deploy OS and app updates to macOS devices.
Configuring patches and updates involves two steps:
Configure deployment scheduling and related settings here.
Scheduling options:
Configure target filters in this section. Specify options for Included groups, Excluded groups, and custom filters by selecting the Filters option.
Included groups
Select device or user groups to which the deployment has to apply to. Click Add Groups to view and choose from the available device and user groups in your Hexnode UEM portal. At least one device or user group must be selected to proceed with the deployment.
Excluded groups
Select device or user groups to exclude from the deployment. Click Add Groups to display the available groups for exclusion.
Filters
Create custom filters based on the following categories:
Configuring Filters
Set the following fields to define filter conditions:
Below is a list of available filter categories and their corresponding sub-categories:
Main category | Sub- categories |
---|---|
Device |
|
User |
|
Network |
|
Device Status |
|
Once a Manual Patch Deployment is created, you can track its status and make modifications if needed from the Deployments subtab under the Patches and Updates tab.