# How to Defer macOS Tahoe Upgrade Admins can postpone or block the upgrade of macOS Tahoe using Endpoint Central through the following methods: ## Table of contents 1. [Applicable methods](#applicable-methods-product-wise) 2. [MDM Specific Configurations](#mdm-specific-configurations) 3. [Blocking OS upgrade application via Application Control](#blocking-the-os-upgrade-application-via-application-control) 4. [Turning off automatic updates](#turning-off-automatic-updates) ## Applicable Methods (Product Wise) Find the appropriate methods applicable based on product: | Product | Tahoe support | Using MDM | Using Application Control | Disable Automatic Updates (Patch) | |---|---|---|---|---| | Endpoint Central | Yes | Yes | Yes | Yes | | Endpoint Central MSP | Yes | Yes | Yes | Yes | | Patch Manager Plus | Yes | No | No | Yes | | Patch Connect Plus | No | N/A | N/A | N/A | | Vulnerability Manager Plus | Yes | No | No | Yes | | Application Control Plus | Yes | No | Yes | No | | Device Control Plus | Yes | No | No | No | | Browser Security Plus | Yes | No | No | No | | RMM Central | Yes | Yes | No | Yes | | Remote Access Plus | Yes | No | No | No | | Endpoint DLP | No | N/A | N/A | N/A | ## MDM specific configurations 1. **Through Custom Configurations:** - Download [RestrictOSUpgrade.mobileconfig](https://workdrive.zohoexternal.com/external/f52dcc26dc1491927c175cb817b6c532bd9b130db4c1404921abd44f3c05da2e) - Extract the zip file and get the profile named "RestrictOSUpgrade.mobileconfig". - Navigate to **Configuration > Mac Configuration > Custom Configuration.** - Attach the "RestrictOSUpgrade.mobileconfig" profile and deploy it to the target devices. This will defer the OS upgrade and prevent it from being shown in Software Update. - **NOTE:** The macOS upgrade through custom configuration can be deferred via MDM for up to 90 days. 2. **Disabling the software update system settings menu:** - Navigate to **Configurations -> Mac Configuration -> System Preferences.** - Select Software Update and deploy the configuration to the target devices. This will remove the Software Update option from the System Settings menu. ## Blocking the OS upgrade application via Application Control To block the macOS Tahoe upgrade application via Application Control: - Navigate to **App Ctrl -> Application Groups -> Create Blocklist (Mac)**. - Select **Install macOS Tahoe.app** and deploy the created blocklisted app group to the target devices. - This will prevent end users from upgrading via the application. **Note** If Install macOS Tahoe.app is not already available in the App Group list, you can create a custom rule. For more details, refer here: [Creating custom rules](https://www.manageengine.com/application-control/how-to/create-custom-rule-for-application.html) - **Custom Rule Details:** - Rule Type: Application - Vendor Name: Apple - Team Identifier: APPLE - Application Name: Install macOS Tahoe.app - Bundle Identifier: com.apple.InstallAssistant.macOSTahoe - Verified Publisher: Yes ## Turning off automatic updates ### Using Patch: 1. Navigate to **Patch Management > Patches > Supported Patches > 604011 - Turn off Mac Automatic Update (Deployment-Only)**. 2. Deploy this patch to the target devices. This will turn off automatic updates on those endpoints. 3. To enable automatic updates, navigate to **Patch Management > Patches > Supported Patches > 604012 - Turn on Mac Automatic Update (Deployment-Only)**.