The wait for the latest macOS 14 update is finally over. The newest macOS Sonoma update comes with a plethora of security and privacy features intended to make your computing environment safer. Apple users can now explore new video conferencing features and advanced game mode, enable password and passkey sharing, and so much more.

While there’s plenty of excitement that comes with an update like this, it’s important to proceed with caution. Managing bulk deployment or deferral of OS updates in your organization’s production environment can be a complex task. This underscores the importance of having a reliable endpoint management and security system in place.

Endpoint Central to the rescue!

ManageEngine Endpoint Central is a UEM solution designed to manage and secure a wide range of devices like macOS, Android, iOS, Windows, Linux, and IoT devices. These devices are managed during their entire life cycle, from onboarding to the last stage of decommissioning. With an inbuilt security suite, Endpoint Central also safeguards devices against any number of threats with just a few clicks.

Note: If you have not upgraded to the latest version of Endpoint Central, it is recommended that you do so to ensure complete support for the new OS.

How to upgrade your endpoints to macOS Sonoma using Endpoint Central

Admins can deploy the patch for upgrading the OS for their organization’s endpoints using the patch management feature in Endpoint Central. Before installing an upgrade, it is always recommended to create a backup of your machines. To create a backup of your Mac devices, you can use Time Machine.

Prerequisites for deploying macOS Sonoma across your endpoints

  1. System requirements: macOS 10.13 or later

  2. Compatible systems:

  • iMac (2019 and later)

  • iMac Pro (2017)

  • MacBook Air (2018 and later)

  • MacBook Pro (2018 and later)

  • Mac Pro (2019 and later)

  • Mac Studio (2022 and later)

  • Mac mini (2018 and later)

To upgrade your Mac devices to macOS Sonoma via patch deployment, deploy the patch given below:

  • Patch ID: 605841

  • Patch description: Upgrade to macOS Sonoma – Intel and Silicon

Note:

  • The patch will only be shown in compatible systems under Missing Patches after a successful DB sync.

  • For Apple silicon machines, all end users will receive a prompt to enter the password for the deployment to proceed. They will be asked to enter the password during deployment.

How to postpone the macOS Sonoma upgrade using Endpoint Central

To postpone the upgrade of the current macOS on endpoints, admins can use Endpoint Central to deploy a block configuration that prevents the installer application from running in their environment.

Refer: How to deploy a configuration to defer the upgrade to macOS Sonoma using Endpoint Central

Note:

  • Bundle identifier: com.apple.InstallAssistant.macOSSonoma

  • Installer name: Install macOS Sonoma
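
To audit whether an installer copy is already present on an endpoint, the following added example (not part of Endpoint Central or of the original article) scans a folder such as /Applications for app bundles carrying the bundle identifier from the note above. It matches on CFBundleIdentifier in each bundle's Info.plist rather than on the folder name, so a renamed copy is still reported; the function names and the sample bundles are constructed for illustration, and Python 3 is assumed to be available.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Bundle identifier and installer name, both taken from the note above.
SONOMA_BUNDLE_ID = "com.apple.InstallAssistant.macOSSonoma"
SONOMA_INSTALLER_NAME = "Install macOS Sonoma"


def find_installers(root, bundle_id=SONOMA_BUNDLE_ID):
    """List .app bundles directly under root whose Info.plist has bundle_id.

    Matching uses CFBundleIdentifier rather than the folder name, so a
    renamed copy of the installer is still reported.
    """
    hits = []
    for app in sorted(Path(root).glob("*.app")):
        try:
            with (app / "Contents" / "Info.plist").open("rb") as fh:
                meta = plistlib.load(fh)  # accepts XML and binary plists
        except (OSError, ExpatError, ValueError):
            continue  # no readable Info.plist, so nothing to match on
        if isinstance(meta, dict) and meta.get("CFBundleIdentifier") == bundle_id:
            hits.append({"path": str(app),
                         "renamed": app.stem != SONOMA_INSTALLER_NAME})
    return hits


def make_bundle(root, folder, info=None, raw=None, fmt=plistlib.FMT_XML):
    """Create a constructed (fake) app bundle for the demonstration."""
    contents = Path(root) / folder / "Contents"
    contents.mkdir(parents=True)
    data = raw if raw is not None else plistlib.dumps(info, fmt=fmt)
    (contents / "Info.plist").write_bytes(data)


def demo():
    """Scan a temporary tree of constructed bundles and return the hits."""
    with tempfile.TemporaryDirectory() as root:
        sonoma = {"CFBundleIdentifier": SONOMA_BUNDLE_ID}
        make_bundle(root, "Install macOS Sonoma.app", sonoma)
        make_bundle(root, "Quarterly Report.app", sonoma, fmt=plistlib.FMT_BINARY)
        make_bundle(root, "Notes.app", {"CFBundleIdentifier": "com.example.notes"})
        make_bundle(root, "Broken.app", raw=b"not a plist")
        return [(Path(h["path"]).name, h["renamed"]) for h in find_installers(root)]


if __name__ == "__main__":
    print(demo())
```

On a real endpoint, call `find_installers("/Applications")` and report any hits to your management console or ticketing system.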

To avoid automatic OS updates, follow the steps given below:

  • Deploy AppStoreAutoUpdateDisable.sh from the script repository to Mac devices to disable auto updates.

  • Use the System Preferences computer configuration and Restrict Software Update to block users from manually updating the current OS to macOS Sonoma.

Get unparalleled security with macOS Sonoma and Endpoint Central

Pairing Sonoma with Endpoint Central presents a robust solution for streamlined endpoint management and security. Sonoma’s groundbreaking performance upgrades and advanced security features are seamlessly complemented by Endpoint Central’s comprehensive security suite. Through centralized control, rapid incident response, and top-notch security, this dynamic duo will optimize computer speed, enhance defenses against emerging threats, and ensure compliance with ease. The result? An efficient, secure computing environment ready to meet the demands of today’s dynamic business landscape.

  1. David Jones

    “For Apple silicon machines, all end users will receive a prompt to enter the password for the deployment to proceed. They will be asked to enter the password during deployment.”

    To which password are you referring? The user’s password or an administrator’s password? It is common for many companies to have a policy of no local admin rights for users. Please clarify this point.

    If users do not have local admin rights, how are we able to deploy this update?

    • R Balaji

      Dear David

      To clarify, the password being referred to is the **user’s password**. This prompt is necessary for the deployment to proceed as it allows the installation of updates that require user authentication.

      In scenarios where end users do not have local admin rights, the deployment will still prompt for the **user’s password** rather than an administrator’s password. This process is designed to comply with security policies that restrict local admin rights while still allowing necessary updates to be installed.

      If the user does not have the appropriate permissions or the deployment is unsuccessful due to these restrictions, we recommend coordinating with your IT team to ensure the deployment can be carried out with the required access.