How to
Home » Features »

How to

How to Defer macOS Tahoe Upgrade

Admins can postpone or block the upgrade of macOS Tahoe using Endpoint Central through the following methods:

Table of contents

  1. Applicable methods
  2. MDM Specific Configurations
  3. Blocking OS upgrade application via Application Control
  4. Turning off automatic updates

Applicable Methods (Product Wise)

Find the appropriate methods applicable based on product:

Product Tahoe support Using MDM Using Application Control Disable Automatic Updates (Patch)
Endpoint Central Yes Yes Yes Yes
Endpoint Central MSP Yes Yes Yes Yes
Patch Manager Plus Yes No No Yes
Patch Connect Plus No N/A N/A N/A
Vulnerability Manager Plus Yes No No Yes
Application Control Plus Yes No Yes No
Device Control Plus Yes No No No
Browser Security Plus Yes No No No
RMM Central Yes Yes No Yes
Remote Access Plus Yes No No No
Endpoint DLP No N/A N/A N/A

MDM specific configurations

  1. Through Custom Configurations:
    • Download RestrictOSUpgrade.mobileconfig file
    • Extract the zip file and get the profile named "RestrictOSUpgrade.mobileconfig".
    • Navigate to Configuration > Mac Configuration > Custom Configuration.
    • Attach the "RestrictOSUpgrade.mobileconfig" profile and deploy it to the target devices. This will defer the OS upgrade and prevent it from being shown in Software Update.
    • NOTE: The macOS upgrade through custom configuration can be deferred via MDM for up to 90 days.
  2. Disabling the software update system settings menu:
    • Navigate to Configurations -> Mac Configuration -> System Preferences.
    • Select Software Update and deploy the configuration to the target devices. This will remove the Software Update option from the System Settings menu.

    3. Blocking the OS upgrade application via Application Control

    To block the macOS Tahoe upgrade application via Application Control:

    • Navigate to App Ctrl -> Application Groups -> Create Blocklist (Mac).
    • Select Install macOS Tahoe.app and deploy the created blocklisted app group to the target devices.
    • This will prevent end users from upgrading via the application.
Note
If Install macOS Tahoe.app is not already available in the App Group list, you can create a custom rule. For more details, refer here: Creating custom rules
    • Custom Rule Details:
      • Rule Type: Application
      • Vendor Name: Apple
      • Team Identifier: APPLE
      • Application Name: Install macOS Tahoe.app
      • Bundle Identifier: com.apple.InstallAssistant.macOSTahoe
      • Verified Publisher: Yes

    Turning off automatic updates

    Using Patch:

    1. Navigate to Patch Management > Patches > Supported Patches > 604011 - Turn off Mac Automatic Update (Deployment-Only).
    2. Deploy this patch to the target devices. This will turn off automatic updates on those endpoints.
    3. To enable automatic updates, navigate to Patch Management > Patches > Supported Patches > 604012 - Turn on Mac Automatic Update (Deployment-Only).

Trusted by