Some System Updates for macOS require the device to restart to finish the update process. This article covers deploying macOS System Updates to a group of Macs through Addigy Policies. If you'd like to deploy updates to individual machines, check out our article GoLive - System Updates.
Note: Restart Settings are not inherited by child policies. It is important that you set this up separately for each policy that should be receiving updates that require a restart.
Important Note for Big Sur: In macOS Big Sur, Updates that require Restart will prompt the user and then open System Preferences > Software Update to press `Install` or `Restart`. This change is to help improve Software Updates on macOS Big Sur, as Apple continues to deprecate the ability to perform Software Updates using their tools. More information about Big Sur and M1 (Silicon) is available here. If you would like to see previous method of Software Update supported, please contact Apple Support and request this using their feedback mechanisms.
When deploying System Updates through your Addigy Policies, you have a few options for how your devices should handle these restarts:
Install ONLY updates that do not require a restart.
This option opts out of deploying updates that require a restart. This is designed to be as low-touch as possible. Updates that require a restart will be completely skipped for this policy. Because updates that require restarts are skipped, end-users in the policy will not be impacted at all by updates. We recommend this option for people new to Addigy and hesitant about managing updates for their devices. If you'd like to install updates that require restarts but want to restart them manually, then we recommend installing the update via GoLive.
Restart immediately after update without prompting the user.
This option is the most forceful option available. It guarantees that the device will install the updates as quickly as possible. The user will not be prompted before the update or before the restart. This option works well with our Deployment Schedule option to only deploy updates on specific days and during specific hours. We recommend not using this option unless you are sure no users will be at the devices when the updates go out.
Prompt the user to restart. If declined, continue prompting after X hours.
This option prompts the end-user with an Apple-like badge notification in the top-right of their screen. If the user accepts the restart, then the update is downloaded and installed. The badge notification will change to display the progress to the user and warn them when the restart is about to happen. This option is the most user-friendly, but updates can be postponed indefinitely by users. This option will never be forcefully installed even if no user is logged into the Mac.
Prompt the user to restart. If declined, continue prompting after X hours. Force a restart after X attempts.
Just like the previous option, this prompts the end-user with an Apple-like badge notification. If the user accepts the restart, then the update is downloaded and installed. The badge notification will change to display the progress to the user and warn them when the restart is about to happen. Additionally, the install and restart will be forced after a specified number of attempts. This will be indicated in the notification to the user and will not have the option to postpone. We recommend this option for organizations that want to give some choice to their users, but need security updates installed in a timely matter for compliance purposes.
For example, setting the update for force after 9 attempts will give the user nine opportunities to cancel the update. The 10th prompt will be mandatory.