Access Keys:
Skip to content (Access Key - 0)

Jamf Pro - Restricting upgrades to macOS

There are two ways to restrict OS updates on Macs with Jamf Pro: via Configuration Profiles, and via Restricted Software entries. The configuration profile will allow you to hide updates from end users for up to 90 days after release, while the restricted software entry will automatically quit the installer app if a user tries to launch it. It is recommended to use the configuration profile, but if you need to restrict upgrades for more than 90 days you should also make a Restricted Software entry.

Configuration Profile setup

  1. Go the Configuration Profiles section of Jamf Pro and click New.
  2. In the Restrictions payload on the left, click Configure.
  3. Under the Functionality tab, scroll down and check the "Defer updates" box. Set the the menu options to "Software Updates" and "90 days" (or less if you prefer).

  4. Click on the Scope tab, and select the computers, groups, or users you want this restriction to apply to.
  5. Save.

The configuration profile should be installed and take effect as soon as the target computers are connected to the Internet.

Restricted Software

  1. Go to the Restricted Software section and click New. Depending on your OS you can enter the following:
  2. In the "Process Name" field, enter e.g. "Install macOS Big Sur.app" or "Install macOS Catalina.app"
  3. Check the "kill process" box.
  4. Add a message to display to the end user if they try to launch the macOS installer.

  5. Click on the Scope tab, and select the computers, groups, or users you want this restriction to apply to.
  6. Save.

Software restrictions should take effect on computers after their next check in, which normally happens about once every half hour.

When a user tries to run the macOS installer, it will quit instantly and the user will see the message you specified.

Have Questions or Still Need Help?

  • If you need assistance creating restrictions or have any questions, please contact the End User Computing team at euc-help@mit.edu.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

October 27, 2020

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
casper casper Delete
endpoint endpoint Delete
management management Delete
restrict restrict Delete
block block Delete
osx osx Delete
macos macos Delete
jamf jamf Delete
mojave mojave Delete
c-macos-catalina c-macos-catalina Delete
c-jamf c-jamf Delete
catalina catalina Delete
euc euc Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki