How to postpone/defer the macOS Sequoia upgrade using Endpoint Central?
Applicable Methods (Product Wise)
Find the methods applicable to each product:
| Product | Sequoia support | Block Configuration | Using MDM | Using Application Control | Disable Automatic Updates (Patch) | Disable Automatic Updates (Script) |
|---|---|---|---|---|---|---|
| Endpoint Central | Yes | Yes | Yes | Yes | Yes | Yes |
| Endpoint Central MSP | Yes | Yes | Yes | Yes | Yes | Yes |
| Patch Manager Plus | Yes | No | No | No | Yes | No |
| Patch Connect Plus | No | N/A | N/A | N/A | N/A | N/A |
| Vulnerability Manager Plus | Yes | No | No | No | Yes | No |
| Application Control Plus | Yes | No | No | Yes | No | No |
| Device Control Plus | Yes | No | No | No | No | No |
| Browser Security Plus | Yes | No | No | No | No | No |
| RMM Central | Yes | Yes | Yes | No | Yes | Yes |
| Remote Access Plus | Yes | No | No | No | No | No |
| Endpoint DLP | No | N/A | N/A | N/A | N/A | N/A |
Deploying a block configuration to prevent application execution
Admins can deploy a block configuration to prevent the macOS Sequoia upgrade application from running in their environment using Endpoint Central. For more details, refer to this guide: App restriction in Mac
- Bundle Identifier: com.apple.InstallAssistant.macOSSequoia
- Installer Name: Install macOS Sequoia.app
NOTE: Deferring macOS Sequoia through block configuration will not work for macOS Sonoma.
MDM specific configurations
1. Through Custom Configurations:
   - Download the RestrictOSUpgrade.mobileconfig file.
   - Extract the zip file and get the profile named "RestrictOSUpgrade.mobileconfig".
   - Navigate to Configuration > Mac Configuration > Custom Configuration.
   - Attach the "RestrictOSUpgrade.mobileconfig" profile and deploy it to the target devices. This will defer the OS upgrade and prevent it from being shown in Software Update.
   - NOTE: The macOS upgrade can be deferred through custom configuration via MDM for up to 90 days.
2. Disabling the Software Update system settings menu:
   - Navigate to Configurations -> Mac Configuration -> System Preferences.
   - Select Software Update and deploy the configuration to the target devices. This will remove the Software Update option from the System Settings menu.
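Before attaching a downloaded profile in the Custom Configuration step above, it is worth confirming what the profile enforces. The following is an added example, not part of the original article or of ManageEngine's tooling: it parses a .mobileconfig and checks Apple's Restrictions payload deferral keys against the 90-day limit. That the vendor's profile uses these keys is an assumption, since its contents are not shown here, and the sample profile is constructed.

```python
import plistlib

# Apple Restrictions payload type and its major-upgrade deferral keys (assumed to be what the profile uses).
RESTRICTIONS = "com.apple.applicationaccess"
FORCE_KEY = "forceDelayedMajorSoftwareUpdates"
DELAY_KEY = "enforcedSoftwareUpdateMajorOSDeferredInstallDelay"
MAX_DAYS = 90  # upper bound stated in the note above


def load_profile(raw: bytes) -> dict:
    """Parse a profile; a signed profile is CMS-wrapped, so cut out the plist."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def audit(raw: bytes) -> dict:
    """Return the deferral settings found and any findings worth reviewing."""
    profile = load_profile(raw)
    result = {"defers_major": False, "days": None, "findings": []}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype != RESTRICTIONS:
            # Anything beyond the restriction payload deserves a manual look.
            result["findings"].append(f"unexpected payload type: {ptype}")
            continue
        result["defers_major"] = payload.get(FORCE_KEY) is True
        result["days"] = payload.get(DELAY_KEY)
    if not result["defers_major"]:
        result["findings"].append(f"{FORCE_KEY} is not set to true")
    days = result["days"]
    if days is None:
        result["findings"].append(f"{DELAY_KEY} is missing")
    elif not 1 <= days <= MAX_DAYS:
        result["findings"].append(f"delay {days} is outside 1-{MAX_DAYS} days")
    return result


# Constructed sample profile (not the vendor's file), built in memory.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.restrict-os-upgrade",
    "PayloadContent": [{"PayloadType": RESTRICTIONS, FORCE_KEY: True, DELAY_KEY: 90}],
})

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty `findings` list means the profile contains only the restriction payload and a deferral within the allowed range.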
Blocking the OS upgrade application via Application Control
To block the macOS Sequoia upgrade application via Application Control:
- Navigate to App Ctrl -> Application Groups -> Create Blocklist (Mac).
- Select Install macOS Sequoia.app and deploy the created blocklisted app group to the target devices.
- This will prevent end users from upgrading via the application.
NOTE: If Install macOS Sequoia.app is not already available in the App Group list, you can create a custom rule. For more details, refer to: Creating custom rules
- Custom Rule Details:
  - Rule Type: Application
  - Vendor Name: Apple Upgrade
  - Team Identifier: unknown-acp
  - Application Name: Install macOS Sequoia.app
  - Bundle Identifier: com.apple.InstallAssistant.macOSSequoia
  - Verified Publisher: Yes
Turning off automatic updates
- Using Patch:
  - Navigate to Patch Management > Patches > Supported Patches > 604011 - Turn off Mac Automatic Update (Deployment-Only).
  - Deploy this patch to the target devices. This will turn off automatic updates on those endpoints.
  - To enable automatic updates, navigate to Patch Management > Patches > Supported Patches > 604012 - Turn on Mac Automatic Update (Deployment-Only).
- Using Scripts:
  - Navigate to Configuration > Script Repository > Templates > Search "AppStoreAutoUpdateDisable.sh" > Add to Repository.
  - Create a Mac custom script configuration with "AppStoreAutoUpdateDisable.sh" and deploy it.
  - To enable automatic updates, use the "AppStoreAutoUpdateEnable.sh" script and deploy it.
NOTE: "Turning off automatic updates" will only disable the Mac Automatic Update. Endpoint users can still update their Mac manually.