Endpoint Services, Jamf Pro, OS Updates for Computers and Devices
Systems
Jamf Pro
Affected Customers
University of Illinois IT Pros leveraging Technology Services Endpoint Services Jamf Pro
Actions
- General Information
- Prerequisites
- Hardware Support Considerations
- Software Compatibility
- Deploying OS Updates
- Monitoring & Troubleshooting
General Information
Jamf Pro can be used to install both major operating system (OS) upgrades (e.g., macOS 15 → macOS 26) and minor OS updates (e.g., macOS 26.0 → macOS 26.1) on Apple computers and mobile devices. This functionality uses the Apple MDM framework's update commands.
To update Apple Vision Pros / visionOS, please contact the Endpoint Services team for assistance.
Prerequisites
Jamf Pro's Software Updates functionality requires:
- Endpoints running a supported operating system:
  - macOS 11 or later
  - iOS/iPadOS 14 or later
  - tvOS 14 or later
- Endpoints that were enrolled into Jamf Pro via Automated Device Enrollment
- Apple Silicon Macs require their Bootstrap Token to be escrowed in Jamf Pro to be able to install updates without requiring user interaction
Hardware Support Considerations
Before planning an OS upgrade, check Apple's system requirements to confirm hardware compatibility.
- macOS 26 Tahoe System Requirements
- macOS 15 Sequoia System Requirements
- macOS 14 Sonoma System Requirements
A Latest Supported OS macOS extension attribute is available on the Operating System tab of a computer's inventory record within Jamf Pro. It lists the latest OS that the endpoint's hardware supports.
Software Compatibility
Next, check vendor resources to confirm that all vital software on the device is compatible with the new OS.
Deploying OS Updates
⚠ Note: OS upgrades deployed using Jamf Pro's Software Updates functionality will override any software update deferral policies that are present on an endpoint.
- Log in to the Jamf Pro server.
- Switch to your department's site using the dropdown in the top-right corner of the Jamf Pro console.
- Ensure that you have target device groups (smart or static) created that are properly configured and scoped to the endpoints you intend to update.
- Navigate to Computers or Devices → Software Updates in the sidebar, depending on the endpoint type.
- Select the desired group(s) you wish to target with the OS update command. Multiple groups may be selected if they share the same Install Action and Target Version.
- Click the blue Update X selected button.
- Configure the Software Update command settings as desired. Note that only the Download and schedule to install install action leverages Apple's modern Declarative Device Management (DDM) framework; other actions use Apple's legacy MDM commands:
  - Install Action:
    - Download only (legacy) - Downloads the OS update but does not initiate installation on the target endpoints. The update is made available to install in the System Settings / Settings app. Further action is required by the end user to initiate the installation of the update.
    - Download and install (legacy) - Downloads the OS update and initiates installation on the target endpoints. If the installation attempt is successful, the endpoint will restart and install the update. On computers, the end user can stop the attempt manually and the installation will be attempted the next time the computer is asleep. If the computer is asleep or if the user is logged out when the command is received, installation is attempted when the computer wakes up or the user logs back in to the computer. Mobile devices will prompt the end user to enter their passcode to initiate installation of the update if a passcode is present on the device.
    - Download, install, and allow deferral (legacy) - Downloads the OS update and initiates installation on the target endpoints. The end user will have an option to defer the update. Each deferral delays the installation for 24 hours. Once the predetermined number of deferrals has been used, the update installs automatically.
      - Note: This install action is only supported on computers. Mobile device groups will instead receive a Download and install command.
      - Note: This install action is only supported for minor updates.
    - Download, install, and restart (legacy) - Downloads the OS update and initiates installation on the target endpoints with a 60-second countdown prior to restart. There is no option to prolong the countdown. The computer then restarts and the update is installed.
      - Note: This install action is only supported on computers. Mobile device groups will instead receive a Download and install command.
      - ⚠️ Warning: Data loss can occur as the computer will restart without warning when the countdown completes.
    - Download and schedule to install (declarative device management [DDM]) - Downloads the OS update and schedules a specific date and time for the update to install on the selected endpoint(s). The update executes at the scheduled time based on the local time of the endpoint. If the computer is asleep or if the user is logged out when the command is received, installation is triggered when the computer wakes up or the user logs back in to the computer. Because an authorization token is generated with the user's login credentials/passcode, the end user does not need to log in or unlock the endpoint for the update to install. No action from the end user is necessary.
      - Recommended action!
      - Note: This install action is only supported on macOS 14+ or iOS/iPadOS 17+. tvOS, visionOS, and watchOS are not supported.
      - Note: Scheduled updates will only apply to endpoints that are members of the targeted group at time of deployment. Adding an endpoint to the same smart group that previously received a Download and schedule to install command will not retroactively apply the command.
  - Target Version:
    - Latest version based on device eligibility - Downloads the update for the latest macOS version based on each endpoint's hardware eligibility.
    - Latest major version - Downloads the latest major macOS version.
      - Not recommended as it does not consider an endpoint's hardware eligibility, which may cause failures.
    - Latest minor version - Downloads the latest minor version of macOS that is installed on an endpoint.
    - Specific version - Downloads the update for a specific macOS, iOS, iPadOS, or tvOS version. Select Specific version and then select the desired OS version from the pop-up menu.
Additional Notes:
- Apple does not provide a method for configuring the frequency of end-user notifications.
- Once an update command is sent to an endpoint, another command cannot be sent to it until the first command has completed.
- OS upgrades deployed using Jamf Pro's Software Updates functionality will override any software update deferral policies that are present on an endpoint.
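A pre-flight triage of a target group against the prerequisites and install-action limits described above, as an added example (not Jamf Pro or Endpoint Services code). The record fields, serial numbers, and sample inventory are constructed for illustration and are not Jamf Pro's export schema.

```python
# Added example. Record fields and the sample inventory are constructed for
# illustration; they are not Jamf Pro's API or export schema.
MIN_SUPPORTED = {"macOS": 11, "iOS": 14, "iPadOS": 14, "tvOS": 14}  # Software Updates prerequisites
MIN_DDM = {"macOS": 14, "iOS": 17, "iPadOS": 17}  # "Download and schedule to install"

def major(version):
    """Major OS version as an int, so '9.3' sorts below '11.7.10'."""
    return int(version.split(".")[0])

def triage(ep):
    """Return (bucket, notes): bucket is 'ddm', 'legacy' or 'unsupported'."""
    platform, ver = ep["platform"], major(ep["os_version"])
    if platform not in MIN_SUPPORTED:
        return "unsupported", [f"{platform} is not listed in the Software Updates prerequisites"]
    if ver < MIN_SUPPORTED[platform]:
        return "unsupported", [f"{platform} {ver} is older than {MIN_SUPPORTED[platform]}"]
    if not ep["ade_enrolled"]:
        return "unsupported", ["not enrolled via Automated Device Enrollment"]
    notes = []
    if ep.get("apple_silicon") and not ep.get("bootstrap_token_escrowed"):
        notes.append("Bootstrap Token not escrowed: update needs user interaction")
    ddm_ok = platform in MIN_DDM and ver >= MIN_DDM[platform]
    return ("ddm" if ddm_ok else "legacy"), notes

def late_joiners(members_at_deploy, members_now):
    """Endpoints added to the group after a scheduled (DDM) command was sent;
    they did not receive it and need a new command."""
    return sorted(set(members_now) - set(members_at_deploy))

SAMPLE = [  # constructed inventory
    {"serial": "C02AAA", "platform": "macOS", "os_version": "15.1", "ade_enrolled": True,
     "apple_silicon": True, "bootstrap_token_escrowed": True},
    {"serial": "C02BBB", "platform": "macOS", "os_version": "14.6.1", "ade_enrolled": True,
     "apple_silicon": True, "bootstrap_token_escrowed": False},
    {"serial": "C02CCC", "platform": "macOS", "os_version": "12.7.6", "ade_enrolled": True,
     "apple_silicon": False},
    {"serial": "C02DDD", "platform": "macOS", "os_version": "10.15.7", "ade_enrolled": True},
    {"serial": "DMPEEE", "platform": "iPadOS", "os_version": "17.5", "ade_enrolled": False},
    {"serial": "TVFFFF", "platform": "tvOS", "os_version": "17.4", "ade_enrolled": True},
]

if __name__ == "__main__":
    for ep in SAMPLE:
        bucket, notes = triage(ep)
        print(f'{ep["serial"]:8} {bucket:12} {"; ".join(notes)}')
    print("missed schedule:", late_joiners({"C02AAA"}, {"C02AAA", "C02BBB"}))
```

Endpoints in the "unsupported" bucket will not be patched by this workflow at all, and any serial returned by `late_joiners` needs a fresh command because scheduled updates are not applied retroactively.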
Monitoring & Troubleshooting
- To view the status of a pending OS update, view the Operating System section on the Management tab of a computer's inventory record within the Jamf Pro console. Historical OS update commands may be viewed on the Operating System History section on the History tab of a computer's inventory record within the Jamf Pro console.
- There are Pending DDM Update Version and Scheduled DDM Update Deadline macOS extension attributes available on the Operating System section of a computer's inventory record within the Jamf Pro console, which list any pending or scheduled DDM updates for the particular Mac.
- OS update commands can be viewed in the System Settings app of the targeted Mac by navigating to System Settings app → General → Device Management. Locate an MDM Profile payload and double-click it to view its details. Within the payload details, there is a Device Declarations section that lists OS update commands.