Content in Patches for Mac OS X site has been modified.
BigFix Patch now supports Audit Only content for MacOS Monterey on both Intel and ARM64 architecture.
New Fixlets:
UPDATE: macOS Monterey 12.5.1 Available (ID: 12000001)
UPDATE: macOS Monterey 12.5.1 Available for Apple Silicon (ARM64) (ID: 12000002)
Published site version:
Patches for Mac OS X, version 524.
Actions to Take:
Gathering of the site will automatically show the updates made.
Note: MacOS Monterey content is for Audit purpose only. The update must be installed manually on the endpoint.
Do the “Audit Only” statements mean that HCL only provides “Audit Only” content for macOS 12 Monterey now? Or is “Audit Only” content available in addition to full management content that patches the computer?
Apple restrictions on patching methods for Monterey 12.5.1 are limiting abilities for any management product to apply OS updates without user interaction. The audit-only fixlets are a stopgap measure we are providing to help audit and identify your level of risk, while we continue work installation methods.
Work is still in progress. I can’t make an official statement at this time, but be prepared that installing MacOS updates may require a deployed MDM, or require user interaction on the endpoint, to complete remediation.
If one knows a valid admin user/pass, and has sufficient kungfu to gin up a secure parameter fixlet that deploys shell scripts with the right expect logic, one might be able to effectively script Monterey updates. (I have not done this.)
Thank you, @JasonWalker and @atlauren. I was afraid it was this. Does BigFix MCM apply here? We’ve not deployed this yet, but do have another macOS MDM in use (sorry) that we can use for most machines in the meantime.
MCM would conceivably bridge the gap. I (also) have not deployed this, because we (also) have another MDM in use that predates MCM’s entrance in the market.
Right now we’re pludging along with MDM policies that set Software Update behavior, and a set of recurring BigFix actions that forever nag users to install updates and also launch the Software Update panel. It is sub-ideal.
FWIW, managing Software Update is a considerable source of pain in MacIT world right now. Most customers are ginning up nagging solutions using Nudge. Even then, sometimes Software Update gets “wedged” and needs a swift kick.