# Deploy OS updates on Apple silicon Macs without user intervention

Deploying and installing OS updates on Apple silicon Macs, requires the systems to be authenticated with the user credentials. While this in-built workflow is meant to secure the systems by verifying user ownership, at times this also hinders proper patch deployment as well as employee productivity.

This can be combatted via silent installation of patches on Apple silicon Macs, by enrolling them with MDM in Endpoint Central. Once the Mac systems have been enrolled, the agent reaches out to the MDM server to deploy the OS patches.

## Table of contents

1. [Steps to enroll Mac systems using MDM](#steps)
2. [Deploying patches to enrolled systems](#deploy)
3. [Common system remarks](#remarks)

## Steps to enroll Mac systems using MDM

You can enroll the Mac systems in one of the following ways:

- [Via Apple Business Manager](https://www.manageengine.com/mobile-device-management/how-to/mdm-enroll-mac-without-reset.html)
- [Via Apple Configurator](https://www.manageengine.com/mobile-device-management/help/enrollment/enroll_ios_devices_using_apple_configurator.html)

## Deploying patches to enrolled systems

Once the systems have successfully been enrolled, you can deploy patches manually via [Manual Deployment](https://www.manageengine.com/patch-management/help/deploy-patches-manually.html) or an [Automate Patch Deployment](https://www.manageengine.com/products/desktop-central/automated_patch_deployment_process.html) task.

## Common system remarks

Below-mentioned is a list of the common system remarks that might appear while deploying patches for the Apple Silicon Mac systems or enrolling the systems via MDM.

- **Not enrolled in MDM**

This remark appears when the systems have not been enrolled with MDM. It is recommended to enroll the systems with MDM via the steps mentioned here.

- **Incomplete Enrollment Configuration**

This remark appears in case the bootstrap token has not been escrowed to the MDM server. To verify if the token has been escrowed, navigate to the terminal and type in the following command:  
*sudo profiles status -type bootstraptoken*

In case the bootstrap token has not been escrowed, the output to the parameter **profiles: Bootstrap Token escrowed to server:** will appear as **NO**.

![Bootstrap token not escrowed to the MDM server](https://www.manageengine.com/products/desktop-central/help/images/bootstrap-not-escrowed-patching.png)

In case the token is not escrowed, you can escrow it manually to the server by using the following command:  
*sudo profiles install -type bootstraptoken*

![](https://www.manageengine.com/products/desktop-central/help/images/bootstrap-escrowed-patching.png)

- **Enrolled with a different vendor**

The Apple silicon Mac systems need to be enrolled with ManageEngine's MDM server for seamless patching without user intervention. This remark appears in case the systems have been enrolled with a different MDM solution.