Access Keys:
Skip to content (Access Key - 0)

Jamf Pro - Upgrading Macs to latest operating system

On this page:

Upgrading Macs to to the latest OS is a two-step process. Since the OS installers are several GB, it's recommended to download them locally prior to installing. On Apple Silicon Macs, a local admin will then need to manually run the installer due to Apple's new security features. On Intel Macs, the installer can be run via a script with a Jamf policy.

Upgrading to macOS Monterey

You will need to create a smart group and two policies to upgrade machines to Monterey.

Smart Group: macOS Monterey installer present

  • Criteria - Application Title is Install macOS Monterey.app

Policy 1: Deploy the installer

  1. Create a new policy. Under General, set the trigger to Recurring Check-in, and set the execution frequency to Once per computer.
  2. Under Files and Processes, enter `jamf policy -event euc-install-monterey` in the Execute Command field.
  3. Under Scope, add whichever computers you want to prepare for upgrade.
    • Result: The scoped machines will cache the installer the next time they check in (usually within 30 minutes). Note: machines that already have the latest Monterey installer present in /Applications are excluded from this policy.

Policy 2: Run the installer

These steps will only work on Intel Macs. On Apple Silicon Macs, there is no way to kick off the installer without explicit user authorization. A local admin will need to launch the installer from /Applications. See https://support.apple.com/en-us/HT212735 for more info on manually upgrading to Monterey. To upgrade macOS on Apple Silicon Macs, please use MDM commands in Jamf.
  1. Create a second policy. This will run the pre-deployed installer, restarting to begin the upgrade. Because this reboot is forced, it's recommended to only run this via Self Service and display a warning message to the user. This can take a few minutes to begin.
  2. Under Scripts, add the 12 - Upgrade to Monterey script.
  3. Under Self Service, check the Make available in Self Service box and the Feature the policy on the main page box.
  4. Under Self Service, it is recommended to add a description warning that it will instantly reboot, and checking the Ensure that users view the description checkbox.
  5. Set Scope to the above created smart group, macOS Monterey installer present
  6. Optional: Under Scope > Limitations, add select authorized kerberos users or Moira groups. For example, you could set this to only desktop support technicians, so end users will not upgrade on their own accidentally.

Upgrading to macOS Big Sur

You will need to create a smart group and two policies to upgrade machines to Big Sur.

Smart Group: macOS Big Sur installer present

  • Criteria - Application Title is Install macOS Big Sur.app

Policy 1: Deploy the installer

  1. Create a new policy. Under General, set the trigger to Recurring Check-in, and set the execution frequency to Once per computer.
  2. Under Files and Processes, enter `jamf policy -event euc-install-bigsur` in the Execute Command field.
  3. Under Scope, add whichever computers you want to prepare for upgrade.
    • Result: The scoped machines will cache the installer the next time they check in (usually within 30 minutes). Note: machines that already have the latest Big Sur installer present in /Applications are excluded from this policy.

Policy 2: Run the installer

These steps will only work on Intel Macs. On Apple Silicon Macs, there is no way to kick off the installer without explicit user authorization. A local admin will need to launch the installer from /Applications. See https://support.apple.com/en-us/HT211683 for more information. To upgrade macOS on Apple Silicon Macs, please use MDM commands in Jamf.
  1. Create a second policy. This will run the pre-deployed installer, immediately restarting to begin the upgrade. Because this is immediate, it's recommended to only run this via Self Service and display a warning message to the user.
  2. Under Scripts, add the 11 - Upgrade to Big Sur script.
  3. Under Self Service, check the Make available in Self Service box and the Feature the policy on the main page box.
  4. Under Self Service, it is recommended to add a description warning that it will instantly reboot, and checking the Ensure that users view the description checkbox.
  5. Set Scope to the above created smart group, macOS Big Sur installer present
  6. Optional: Under Scope > Limitations, add select authorized kerberos users or Moira groups. For example, you could set this to only desktop support technicians, so end users will not upgrade on their own accidentally.

Contact

  • If you need assistance creating policies or have any questions, please contact the End User Computing team at euc-help@mit.edu.

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

October 25, 2022

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
casper casper Delete
endpoint endpoint Delete
management management Delete
install install Delete
upgrade upgrade Delete
osx osx Delete
jamf jamf Delete
c-jamf c-jamf Delete
euc euc Delete
monterey monterey Delete
bigsur bigsur Delete
macos macos Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki