Note: Updates for either Intel or M1 on Monterey will behave the same
Apple has changed how System Updates for devices on Monterey are preformed and they will now require manual interaction by an admin end-user with a Secure Token to input their password in order to perform the update for the following update use cases:
- The end-user going to the System Preferences > Software Updates and clicking Update themselves. This will require admin credentials.
- Using the Policies page > Updates tab which will leverage the softwareupdate native tool
Note: Using the Policies page to update will only prompt the user to install using System Preferences. This is due to Apple restricting the functionality of their softwareupdate CLI tool. - Using the GoLive page > Updates tab on a device without:
A.) bootstrap token escrowed (This will be done after enrolling via MDM, to verify this, check out How to Verify the macOS Bootstrap Token Was Escrowed)
B.) (On M1 devices not enrolled via Automated Device Enrollment) Allowing remote management of kernel extensions and automatic software updates
Note: The only use case that would not require end-user interaction would be using the GoLive page method mentioned above which uses MDM when meeting the criteria of A and B
If you see the following warning on your device, check out our How to fix the Kernel Extensions and Software Updates Warning on Apple Silicon