Jamf Pro - Upgrading Macs to latest operating system
On this page:
Upgrading Macs to to the latest OS is a two-step process. Since the OS installers are several GB, it's recommended to download them locally prior to installing. On Apple Silicon Macs, a local admin will then need to manually run the installer due to Apple's new security features. On Intel Macs, the installer can be run via a script with a Jamf policy.
Upgrading to macOS Monterey
You will need to create a smart group and two policies to upgrade machines to Monterey.
Smart Group: macOS Monterey installer present
- Criteria - Application Title is Install macOS Monterey.app
Policy 1: Deploy the installer
- Create a new policy. Under General, set the trigger to Recurring Check-in, and set the execution frequency to Once per computer.
- Under Files and Processes, enter `jamf policy -event euc-install-monterey` in the Execute Command field.
- Under Scope, add whichever computers you want to prepare for upgrade.
- Result: The scoped machines will cache the installer the next time they check in (usually within 30 minutes). Note: machines that already have the latest Monterey installer present in /Applications are excluded from this policy.
Policy 2: Run the installer
![]() | These steps will only work on Intel Macs. On Apple Silicon Macs, there is no way to kick off the installer without explicit user authorization. A local admin will need to launch the installer from /Applications. See https://support.apple.com/en-us/HT212735 for more info on manually upgrading to Monterey. To upgrade macOS on Apple Silicon Macs, please use MDM commands in Jamf. |
- Create a second policy. This will run the pre-deployed installer, restarting to begin the upgrade. Because this reboot is forced, it's recommended to only run this via Self Service and display a warning message to the user. This can take a few minutes to begin.
- Under Scripts, add the 12 - Upgrade to Monterey script.
- Under Self Service, check the Make available in Self Service box and the Feature the policy on the main page box.
- Under Self Service, it is recommended to add a description warning that it will instantly reboot, and checking the Ensure that users view the description checkbox.
- Set Scope to the above created smart group, macOS Monterey installer present
- Optional: Under Scope > Limitations, add select authorized kerberos users or Moira groups. For example, you could set this to only desktop support technicians, so end users will not upgrade on their own accidentally.
Upgrading to macOS Big Sur
You will need to create a smart group and two policies to upgrade machines to Big Sur.
Smart Group: macOS Big Sur installer present
- Criteria - Application Title is Install macOS Big Sur.app
Policy 1: Deploy the installer
- Create a new policy. Under General, set the trigger to Recurring Check-in, and set the execution frequency to Once per computer.
- Under Files and Processes, enter `jamf policy -event euc-install-bigsur` in the Execute Command field.
- Under Scope, add whichever computers you want to prepare for upgrade.
- Result: The scoped machines will cache the installer the next time they check in (usually within 30 minutes). Note: machines that already have the latest Big Sur installer present in /Applications are excluded from this policy.
Policy 2: Run the installer
![]() | These steps will only work on Intel Macs. On Apple Silicon Macs, there is no way to kick off the installer without explicit user authorization. A local admin will need to launch the installer from /Applications. See https://support.apple.com/en-us/HT211683 for more information. To upgrade macOS on Apple Silicon Macs, please use MDM commands in Jamf. |
- Create a second policy. This will run the pre-deployed installer, immediately restarting to begin the upgrade. Because this is immediate, it's recommended to only run this via Self Service and display a warning message to the user.
- Under Scripts, add the 11 - Upgrade to Big Sur script.
- Under Self Service, check the Make available in Self Service box and the Feature the policy on the main page box.
- Under Self Service, it is recommended to add a description warning that it will instantly reboot, and checking the Ensure that users view the description checkbox.
- Set Scope to the above created smart group, macOS Big Sur installer present
- Optional: Under Scope > Limitations, add select authorized kerberos users or Moira groups. For example, you could set this to only desktop support technicians, so end users will not upgrade on their own accidentally.
Contact
- If you need assistance creating policies or have any questions, please contact the End User Computing team at euc-help@mit.edu.