Managing macOS updates has long been a complex task for IT administrators. The rapid release cycles, authentication requirements for Apple silicon, and the tendency of users to defer updates can create a challenging environment. Balancing the necessity of keeping devices secure and up-to-date with minimizing disruptions to user productivity is a delicate act.
Apple has made strides in improving the update process, particularly with the introduction of Rapid Security Responses and more efficient over-the-air upgrades. However, there remains a need for tools that offer IT administrators greater control without imposing on the user experience.
Enter S.U.P.E.R.M.A.N., an acronym for Software Update Policy Enforcement with Recursive Messaging And Notification, commonly referred to as ‘Super’. This open-source script is designed to facilitate the enforcement of macOS updates and upgrades, ensuring devices remain secure while minimizing user disruption.
Understanding ‘Super’
‘Super’ operates as a background agent that monitors for available macOS updates or upgrades. Upon detecting an update, it can automatically download and prepare the installation, prompting the user for a restart or enforcing one if necessary. The tool offers customizable dialogs, notifications, scheduling, and deferral options, allowing IT teams to tailor the update process to their specific needs.
Key features of ‘Super’ include:
– Automated Updates and Upgrades: Supports both Intel and Apple Silicon Macs, ensuring compatibility across devices.
– Customizable User Notifications: Provides dialogs and notifications that can be tailored to the organization’s communication style.
– Flexible Deferral and Deadline Options: Allows IT administrators to set deferral periods and deadlines, balancing the urgency of updates with user convenience.
– Comprehensive Validation and Logging: Ensures transparency and accountability in the update process.
The default workflow of ‘Super’ involves checking for updates, downloading and preparing them, and then prompting the user for a restart. If the user does not respond, ‘Super’ can enforce a restart to complete the installation. Post-installation, it ensures all available non-macOS updates are installed and verifies Jamf Pro inventory and check-in policies.
Deploying ‘Super’ via Jamf Pro
Integrating ‘Super’ with Jamf Pro is straightforward. The script can be added to a Jamf Pro policy, with up to eight policy parameters configurable. Non-credential options are available through configuration profiles. ‘Super’ can be scheduled to restart periodically by itself or through Jamf Pro, ensuring updates are applied in a timely manner.
Best practices for deploying ‘Super’ via Jamf Pro include:
– Avoid Redundant Inventory Checks: If inventory is set to check for software updates through Jamf Pro, it’s advisable not to use inventory checks in the ‘Super’ policy to prevent conflicts.
– Updating ‘Super’ Itself: The script can be updated by re-running the policy, ensuring the latest version is always in use.
– Deferred Installation: If immediate updates are not desired, a skip updates option can be set in the policy script parameters.
– Resetting ‘Super’ Settings: A reset option is available in the policy script parameters to clear old settings if needed.
– Utilizing Extension Attribute Scripts: For additional customization, extension attribute scripts can be found in the ‘Super’ wiki on GitHub.
Looking Ahead: ‘Super’ Version 4
The development of ‘Super’ continues, with version 4 on the horizon. This upcoming release focuses on improving style and clarity, introducing a more reliable, always on LaunchDaemon. The beta version is already available, with the full release expected later this year.
For IT administrators seeking to streamline the macOS update process, ‘Super’ offers a robust solution that balances security requirements with user experience. By automating updates and providing customizable options, it empowers IT teams to maintain device integrity without compromising productivity.
