These updates can be fully managed and deployed from Addigy. This article expands on how to manage these updates, deploy them, and remove them if they cause breaking changes.
Managing Rapid Security Response Settings on macOS 15 and older
Addigy allows you to deploy a Restrictions MDM Profile to manage the ability for Users to revert the Rapid Security Response or install it. You can find this MDM profile in Catalog > Device Settings > New > Restrictions > General.
These keys will allow the Rapid Security Response to be installed:
"Allow Rapid Security Response Installation" - If false, prohibits installation of rapid security responses.
Default: true
"Allow Rapid Security Response Removal": If false, prohibits removal of rapid security responses.
Managing Background Security Improvement Settings on macOS 26 and newer
The Addigy updates page in the Policy settings will show if an BSI is available in the public updates catalog.
If you select the 'keep to latest' setting, the devices will get that BSI if the BSIs are enabled in Policy > Updates > Auto Install Updates via Device AI > Manage Background Security Improvement Settings.
If you set a max version (EX: 26.3.2) and have the Manage Background Security Improvement Setting enabled, then the devices will get the BSI to the latest to that version.
If you select hold to a specific version (EX: 26.3.2) and have the Policy > Updates > Auto Install Updates via Device AI > Manage Background Security Improvement Settings NOT ENABLED then the devices will NOT get the BSI latest to that version.
Via Schedule Updates Declaration
Addigy allows you to deploy the Enforcement Specific declaration to push the update. You can find this Policy > Updates > Schedule Updates via Declaration.
Please note: In our testing macOS will see this Enforcement Specific declaration time, download the update, but still try and run the update overnight. In some cases it will install at that Enforcement Specific declaration time, but others it will wait for overnight. Please file a Feedback to Apple on this as it relates to how the OS acts on the Update declaration.
Here is how you would set the Policy to push the Enforcement Specific declaration at a given time and also enable BSI deployments and rollbacks:
Via Automatic Actions
Addigy allows you to deploy the Update Settings declaration to manage the ability for Users to revert the BSI or install it. You can find this Policy > Updates > Auto Install Updates via Device AI > Manage Background Security Improvement Settings.
If you configure the new Update Settings Declaration with Automatic Actions, it will send to the macOS 15 and up devices in your policy settings that will automatically install the BSI after the deferral period is up.
Here is an example of this setup, where BSI updates are set to auto-install the day after they drop. These updates will install on the device when it meets the state of charge, free space, and user inactivity criteria.
Removing Rapid Security Response Updates
By default, Rapid Security Response updates can be removed by the end-user on macOS.
Users will find this feature by clicking the `i` button in System Settings > General > macOS > `i` Icon.
If a Restrictions Profile is sent to the device to prevent Installation, the user will not see the RSRUpdate.
If a Restrictions Profile is sent to the device to prevent removal, the user will not see the ability to `Remove & Restart` page, as the `i` button will not be available:
Tracking Rapid Security Response Updates
You can use the System Version fact to determine if the device(s) are on the latest update, with the RSR Update:
Additionally, we will be making changes to the macOS X Version and OS Version facts to show this information. This change will be live on Monday May 8th, 2023. This will also reflect this information in your System Dashboard.