
Deploy OS updates on Apple silicon Macs without user intervention

Deploying and installing OS updates on Apple silicon Macs requires the systems to be authenticated with the user's credentials. While this built-in workflow is meant to secure the systems by verifying user ownership, it can also hinder proper patch deployment and employee productivity.

This can be overcome by enrolling the Macs with MDM in Endpoint Central, which allows patches to be installed silently. Once the Mac systems have been enrolled, the agent reaches out to the MDM server to deploy the OS patches.

Table of contents

  1. Steps to enroll Mac systems using MDM
  2. Deploying patches to enrolled systems
  3. Common system remarks

Steps to enroll Mac systems using MDM

You can enroll the Mac systems in one of the following ways:

Deploying patches to enrolled systems

Once the systems have successfully been enrolled, you can deploy patches manually via Manual Deployment or an Automate Patch Deployment task.

Common system remarks

The following are common system remarks that might appear while deploying patches to Apple silicon Mac systems or enrolling the systems via MDM.

  • Not enrolled in MDM
    This remark appears when the systems have not been enrolled with MDM. It is recommended to enroll the systems with MDM via the steps mentioned here.

  • Incomplete Enrollment Configuration
    This remark appears when the bootstrap token has not been escrowed to the MDM server. To verify whether the token has been escrowed, open Terminal and run the following command:
    sudo profiles status -type bootstraptoken

    If the bootstrap token has not been escrowed, the output line profiles: Bootstrap Token escrowed to server: will show NO.

    [Figure: Bootstrap token not escrowed to the MDM server]

    In case the token is not escrowed, you can escrow it manually to the server by using the following command:
    sudo profiles install -type bootstraptoken

  • Enrolled with a different vendor
    The Apple silicon Mac systems need to be enrolled with ManageEngine's MDM server for seamless patching without user intervention. This remark appears in case the systems have been enrolled with a different MDM solution.
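
The bootstrap token check described under Incomplete Enrollment Configuration can be scripted for fleet-wide auditing. The following is an added example, not part of the original page or of Endpoint Central; the function names, state strings and exit codes are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: classify bootstrap token escrow state from `profiles` output.
# Function names, states and exit codes are assumptions of this example.

# Reads `profiles status -type bootstraptoken` output on stdin.
# Prints one of: escrowed | not_escrowed | unknown
escrow_state() {
    awk '
        # Match the status line quoted on this page, case-insensitively.
        tolower($0) ~ /bootstrap token escrowed to server:/ {
            value = $0
            sub(/.*:[ \t]*/, "", value)     # keep the text after the last colon
            sub(/[ \t\r]+$/, "", value)     # drop trailing whitespace or CR
            value = toupper(value)
            if (value == "YES") state = "escrowed"
            else if (value == "NO") state = "not_escrowed"
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Exit codes for reporting: 0 = escrowed, 1 = not escrowed (the
# "Incomplete Enrollment Configuration" remark), 2 = could not determine.
check_escrow() {
    state=$(escrow_state)
    case "$state" in
        escrowed)     echo "OK: bootstrap token escrowed to server"; return 0 ;;
        not_escrowed) echo "FAIL: run: sudo profiles install -type bootstraptoken"; return 1 ;;
        *)            echo "UNKNOWN: escrow status line not found"; return 2 ;;
    esac
}

# Constructed sample output (not captured from a real Mac); $1 is YES or NO.
sample_output() {
    printf 'profiles: Bootstrap Token supported on server: YES\n'
    printf 'profiles: Bootstrap Token escrowed to server: %s\n' "$1"
}

# On a Mac (run as root), check the live status; elsewhere only define functions.
if command -v profiles >/dev/null 2>&1; then
    profiles status -type bootstraptoken 2>&1 | check_escrow
fi
```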