In this guide, you will learn how to enable Automatic Updates for macOS Devices using Intune. You need to create software update policy to prevent end users from disabling update checks. It also configures the device to check for updates and prompt users regularly.
To update macOS devices, Microsoft recommends creating a managed software update policy to force updates to be downloaded and installed at a convenient time and Creating a Settings Catalog software update policy to prevent end users from disabling update checks.
Intune has built-in policies that can manage software updates. You can use Intune to manage device updates, configure when devices are updated, and review the device update status for macOS devices.
Users receive notifications or see the latest updates on their devices by default, and can choose to download and install updates whenever they want. Users can also change the update behavior using the Automatic Updates feature on the device (Settings > Software Updates).
When users install their own updates, they can avoid applying updates required for security or app compatibility reasons. This delay can leave the devices at risk and/or prevent them from being able to function. It’s recommended you create policies that update your devices. It’s not recommended to put this responsibility on end users.
- Apple Emergency Patch Released To Fix WebKit Security Vulnerabilities
- Easy Method To Force Safari Patch Updates On MacOS Using Intune
Enable Automatic Updates for macOS Devices Using Intune
The following steps help you to effectively manage automatic updates for macOS managed by Microsoft Intune. This allows admins to manage the software updates and keep the device secure.
- Sign into the Microsoft Intune Admin portal https://intune.microsoft.com/.
- Select Devices > Configuration profiles > Create profile or navigate directly to macOS > Configuration profiles. Here, in this case platform will be prepopulated.
In Create Profile, select macOS in Platform, and Select Profile Type as Settings Catalog. Click on the Create button.
In the macOS Basics tab, enter the descriptive name for the new profile. For example, Enable Automatic Updates, and add a description for the profile to understand the policy usage and Select Next.
On the Configuration settings tab, With the settings catalog, you can choose which settings you want to configure. Click on Add Settings to browse or search the catalog for the settings you want to configure.
Search for “Automatic Check Enabled” or “Automatic Check”. Select the “System Updates > Software Update” from the search result. Select “Automatic Check Enabled” and close the pane.
This policy setting allows you to configure the user experience for macOS software update options on devices, Here, you can see all the settings are True and click on the Next.
- Restrict Software Update Require Admin To Install: If true, restrict app installations to admin users. This key has the same function as the Restrict Store Require Admin To Install setting in the App Store category.
- Critical Update Install: If false, disables the automatic installation of critical updates and prevents the user from changing the “Install system data files and security updates” option.
- Config Data Install: If false, restricts the automatic installation of configuration data.
- Automatically Install macOS Updates: If false, restricts the “Install macOS Updates” option and prevents the user from changing the option.
- Automatically Install App Updates: If false, deselects the “Install app updates from the App Store” option and prevents the user from changing the option.
- Allow Pre Release Installation: If true, prerelease software can be installed on this computer.
- Automatic Check Enabled: If false, deselects the “Check for updates” option and prevents the user from changing the option.
- Automatic Download: If false, deselects the “Download new updates when available from the App Store” option and prevents the user from changing the option.
Using Scope tags, you can assign a tag to filter the profile to specific IT groups. One can add scope tags (if required) and click Next to continue.
Now in Assignments, in Included Groups, you need to click on Add Groups, choose Select Groups to include one or more groups, and click Next to continue.
In the Review + Create tab, you need to review your settings. After clicking Create, your changes are saved, and the profile will be assigned to the added devices group.
A notification will appear automatically if you see it in the top right-hand corner. One can easily see that the Policy “Enable Automatic Update” was created successfully. Also, if you check the Configuration Profiles list, the Policy is visible there with the tag NEW.
Note! The device groups will receive your profile settings when the devices check in with the Intune service. The Policy applies to the device.
Monitor macOS Software Update Policy Deployment
Intune provides several features to monitor and manage device configuration profiles. Once the configuration profile is applied, To monitor Intune policy assignment, from the list of Configuration Profiles, select the policy you targeted, and here you can check the device and user check-in status.
If you click View Report, additional details are displayed. Additionally, you can quickly check the update as devices/users check-in status reports:
macOS Automatic Check for Software Update Option
To check macOS software updates, choose Apple menu > System Settings, click General in the sidebar (you may need to scroll down), then click Software Update on the right.
You can simply click on the Automatic Updates (i) button to get the offered options for you, then make sure that Settings is turned On. This way, you can set up macOS to offer automatic updates. This policy locks these settings, so users can’t change them. On the device, the software update settings are greyed out.
- Check for updates
- Download new updates when available
- Install macOS updates
- Install application updates from the App Store
- Install Security Response and system files
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.