When Apple surprises us with a security patch, the Internet goes wild. These patches range from new features and bug fixes to security updates, but the goal is always the same — it's best to keep your Apple devices fully patched and up-to-date. Our automated management tools can help, but there are some things you should be aware of when it comes to updates on your Apple technology.
Trouble Running macOS Updates? There is a known bug whereby macOS updates (also known as patches) do not appear or don’t work. We have developed a fix for this ... run the Software Update – Kickstart Process in MacManage.
Ongoing Communication is Key
Our automated patching tools will encourage your team to apply critical updates and restart. However, it's important to make them aware that they do have to participate in this process (the alternative solution is unexpected restarts — which nobody likes.)
Remind your team to look out for "Nudge" prompts and take them seriously.
If you want to give your team an extra nudge — especially following fixes for zero-day vulnerabilities — then inform them that an update with important vulnerability fixes is available and encourage them to run the updates as soon as they can. Below is a sample communication.
Share this with your team, edit as necessary, and remember you can track the status of your Apple devices with Vision-Bot.app.
SUBJECT: Apply Critical Software Update to Your Apple Devices
Apple recently released critical software updates for iOS, iPad OS, macOS, and watch OS. To keep your data safe, we recommend you apply these updates as soon as possible. The deadline to run these updates is one week from today.
- Update macOS on Mac (or open MacManage and Check for Major Updates)
- Update your iPhone, iPad, or iPod touch
- Update your Apple Watch
Contact the Ntiva Service Desk if you need any assistance.
For Macs, we leverage a tool called "Nudge" to prompt users to trigger updates when convenient for them. We set a due date for the update, and the reminder prompt appears twice daily. If the user lets the due date pass, the reminder prompt can no longer be dismissed. We set the default Nudge deadline to one week from when the update is released (or fully vetted).
Although we can force-push updates to non-compliant devices if necessary, we also risk surprising the user with a device restart, which could lead to data loss. Any Mac running a modern macOS in management can receive these notifications and commands.
iOS and iPadOS
For an iOS device to receive software updates from us, the device must be supervised. Supervision is required to enable more advanced management features — and often requires additional setup, so it's not yet common across many clients. Devices with supervision will display the SUPERVISED tag next to the device serial number in Vision-Bot:
Supervised iOS devices can have updates pushed to them. However, the chance of disrupting a user with a surprise restart is exceptionally high.
For unsupervised iOS devices, we cannot cache or trigger software updates, period. This limitation is why client communication is our most important tool for critical iOS updates.
The status of device updates can be tracked in Vision-Bot, and follow-up communications or enforcement can be handled case-by-case.
Also, consider that when Apple releases a surprise patch, it doesn't mean everyone should apply it immediately. Apple has released patches in the past that proved to be problematic. They eventually removed the failed patch and issued a new one, but the process was very disruptive to many organizations and individuals. We recommend you allow our team of Apple specialists 24-48 hours to test and confirm the stability of a critical patch before applying patches to business-critical devices.