Vital information about the significant changes introduced in Munki v5 and how they affect end users.
Munki Mac Endpoint Management
University of Illinois IT Pros leveraging Technology Services Endpoint Services Munki Mac Endpoint Management systems.
Beginning with macOS 10.14, handoffs between Munki and Apple's softwareupdate tool (which Munki uses to install Apple software updates) became problematic, with Munki often failing to trigger Apple software updates at the login window and updates not completing.
In addition, with macOS 11 on Apple Silicon/M1 hardware, installing Apple software updates via Munki is no longer possible due to changes Apple has made.
Munki release v5 addresses this issue by not attempting to install certain Apple updates on macOS 10.14 (Mojave) and above. Specifically:
In the following screenshot, Managed Software Center offers a typical set of updates, including an Apple update that requires a restart:
When "Update All" is selected, Munki v5 displays a dialogue directing users to use System Preferences - Software Update to install the Apple update that requires a restart:
If the user clicks "Skip these updates", the Apple update requiring a restart is removed from the list of updates in Managed Software Center. Clicking "Update All" will install the remaining updates in the usual fashion. At the next Munki update check, any skipped Apple updates will be offered again.
However, if the user clicks the "Install Now" button, Munki v5 will launch System Preferences - Software Update.
If the user selects the "More info" link, all pending Apple Software updates are displayed with additional information, including an "Install Now" button:
Note that the major macOS upgrade offer (in this example, for Big Sur on a Catalina system) is prominent, and might mislead the user into incorrectly selecting "Upgrade Now" instead of correctly selecting the "More info" link. While Apple does provide a mechanism to suppress major OS upgrade offers, this functionality requires MDM enrollment. Standard/non-admin accounts can click the "Upgrade Now" button to download a macOS upgrade installer, but administrator credentials are required to perform the upgrade itself.
With Munki v5, Managed Software Center will provide additional encouragement and cues intended to guide end users to install updates in a timely fashion.
Munki v5 also introduces "aggressive update notification" mode to further discourage update deferral. In addition to the new update encouragement behavior, if the user attempts to quit Managed Software Center when any update (Apple or otherwise) has been pending for more than 14 days:
Aggressive update notification mode can be configured to shorten or lengthen the default interval of 14 days by using one of the following optional configurations.
Because the force_install_after_date key will no longer work for Apple metadata packages on macOS 10.14 and up under Munki v5, Endpoint Services has deprecated the global_free_appleforcedupdates catalog. Please delete this catalog from your manifest templates so that it will not be included in any newly-onboarded clients.
When you are ready to upgrade your Macs to Munki v5, modify your unit manifests to replace munkitools and all munkitools_x packages with munkitools5.
For the time being, Endpoint Services will continue to make Munki v4 available under the same name key. Units needing extra time to prepare for v5 do not need to take any action in order to stay on v4. However, all units will eventually need to transition to v5.
Note that Big Sur requires Munki v5.
Apple currently provides no native mechanism for automating software updates without user interaction. The Endpoint Services team has a workaround for labs, kiosks, and other scenarios where asking end users to install updates is not feasible. If you have need of this solution in your environment, please contact the EPS team.
For your convenience, the following is a sample email for informing your Mac users about the coming changes to Managed Software Center behavior.
The following information is for faculty and staff with IT-managed Macs, and contains important information about upcoming changes to the way software updates are handled.
Some of you have experienced issues with Apple software updates hanging at the login window, necessitating computer restarts and resulting in workflow disruptions. In response to this issue, on [date], we are releasing a new version of Managed Software Center, the application used to keep macOS updated.
Once your Mac has received the Managed Software Center update, you will see the following changes to how software updates are handled:
Subscribe to the Munki changelog if you wish to be notified about upcoming product and service changes affecting Munki and MunkiReport. (The 'Subscribe to changes' button is located just above the page footer.)