# How to postpone/defer the macOS Sequoia upgrade using Endpoint Central?

## Table of contents

1. [Applicable methods](#applicable-methods-product-wise)
2. [Deploying a block configuration to prevent application execution](#deploying-a-block-configuration-to-prevent-application-execution)
3. [MDM Specific Configurations](#mdm-specific-configurations)
4. [Blocking OS upgrade application via Application Control](#blocking-the-os-upgrade-application-via-application-control)
5. [Turning off automatic updates](#turning-off-automatic-updates)

## Applicable Methods (Product Wise)

Find the appropriate methods applicable based on product:

| Product | Sequoia support | Block Configuration | Using MDM | Using Application Control | Disable Automatic Updates (Patch) | Disable Automatic Updates (Script) |
|---|---|---|---|---|---|---|
| Endpoint Central | Yes | Yes | Yes | Yes | Yes | Yes |
| Endpoint Central MSP | Yes | Yes | Yes | Yes | Yes | Yes |
| Patch Manager Plus | Yes | No | No | No | Yes | No |
| Patch Connect Plus | No | N/A | N/A | N/A | N/A | N/A |
| Vulnerability Manager Plus | Yes | No | No | No | Yes | No |
| Application Control Plus | Yes | No | No | Yes | No | No |
| Device Control Plus | Yes | No | No | No | No | No |
| Browser Security Plus | Yes | No | No | No | No | No |
| RMM Central | Yes | Yes | Yes | No | Yes | Yes |
| Remote Access Plus | Yes | No | No | No | No | No |
| Endpoint DLP | No | N/A | N/A | N/A | N/A | N/A |

## Deploying a block configuration to prevent application execution

Admins can deploy a block configuration to prevent the macOS Sequoia upgrade application from running in their environment using Endpoint Central. For more details, refer to this guide: [App restriction in Mac](https://www.manageengine.com/products/desktop-central/block-exe-mac-script.html)

- **Bundle Identifier:** com.apple.InstallAssistant.macOSSequoia
- **Installer Name:** Install macOS Sequoia.app

**NOTE:** Deferring macOS Sequoia through block configuration will not work for macOS Sonoma.

## MDM specific configurations

1. **Through Custom Configurations:**

   - Download [RestrictOSUpgrade.mobileconfig](https://workdrive.zohoexternal.com/external/f52dcc26dc1491927c175cb817b6c532bd9b130db4c1404921abd44f3c05da2e)
   - Extract the zip file and get the profile named "RestrictOSUpgrade.mobileconfig".
   - Navigate to **Configuration > Mac Configuration > Custom Configuration.**
   - Attach the "RestrictOSUpgrade.mobileconfig" profile and deploy it to the target devices. This will defer the OS upgrade and prevent it from being shown in Software Update.

   **NOTE:** The macOS upgrade through custom configuration can be deferred via MDM for up to 90 days.

2. **Disabling the software update system settings menu:**

   - Navigate to **Configurations -> Mac Configuration -> System Preferences.**
   - Select **Software Update** and deploy the configuration to the target devices. This will remove the Software Update option from the System Settings menu.

## Blocking the OS upgrade application via Application Control

To block the macOS Sequoia upgrade application via Application Control:

- Navigate to **App Ctrl -> Application Groups -> Create Blocklist (Mac)**.
- Select **Install macOS Sequoia.app** and deploy the created blocklisted app group to the target devices.
- This will prevent end users from upgrading via the application.

**NOTE:** If Install macOS Sequoia.app is not already available in the App Group list, you can create a custom rule. For more details, refer here: [Creating custom rules](https://www.manageengine.com/application-control/how-to/create-custom-rule-for-application.html)

- **Custom Rule Details:**
  - Rule Type: Application
  - Vendor Name: Apple Upgrade
  - Team Identifier: unknown-acp
  - Application Name: Install macOS Sequoia.app
  - Bundle Identifier: com.apple.InstallAssistant.macOSSequoia
  - Verified Publisher: Yes

## Turning off automatic updates

1. **Using Patch:**

   - Navigate to **Patch Management > Patches > Supported Patches > Turn off Mac Automatic Update (Deployment-Only).**
   - Deploy this patch to the target devices. This will turn off automatic updates on those endpoints.
   - **To enable automatic updates**, navigate to **Patch Management > Patches > Supported Patches > Turn on Mac Automatic Update (Deployment-Only).**

2. **Using Scripts:**

   - Navigate to **Configuration > Script Repository > Templates > Search "AppStoreAutoUpdateDisable.sh" > Add to Repository.**
   - Create a Mac custom script configuration with "AppStoreAutoUpdateDisable.sh" and deploy it.
   - **To enable automatic updates**, use the "AppStoreAutoUpdateEnable.sh" script and deploy it.

**NOTE:** "Turning off automatic updates" will only disable the Mac Automatic Update. Endpoint users can still update their Mac manually.