{"id":75374,"date":"2023-05-07T10:15:59","date_gmt":"2023-05-07T14:15:59","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=75374"},"modified":"2026-03-18T20:12:55","modified_gmt":"2026-03-19T00:12:55","slug":"create-a-macos-patch-policy","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy","title":{"rendered":"Create a macOS Patch Policy"},"content":{"rendered":"\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>Review the following limitations and conflicts before configuring your legacy patch policies:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Deprecation Notice<\/strong> &#8211; Legacy MDM patch policies covered in this article will remain in your organization but will be deprecated later this year. This deprecation will also include the Nudge tool used for update notifications, which is not required for DDM-based policies. We strongly recommend migrating to DDM-based policies as soon as possible to avoid service interruptions. <br>See <a href=\"https:\/\/jumpcloud.com\/support\/create-a-ddm-based-macos-patch-policy\" target=\"_blank\" rel=\"noreferrer noopener\">Create a DDM-based macOS Patch Policy<\/a> to learn more.<\/li>\n\n\n\n<li><strong>Legacy vs. DDM Conflicts<\/strong> &#8211; Avoid applying legacy and DDM-based macOS patch policies to the same device simultaneously. Mixing these frameworks causes configuration conflicts and unexpected update behavior.<\/li>\n\n\n\n<li><strong>Standalone Deferral Conflicts<\/strong> &#8211; Avoid applying standalone deferral policies (such as Delay Major macOS Software Upgrades or Delay Minor OS Updates) and the Patch Management policies covered in this article simultaneously as these can conflict and cause unexpected update behavior.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>JumpCloud\u2019s automated patch management helps you keep your managed macOS devices and apps secure and updated. As an IT Admin with Manager role permissions or higher, you can manage and enforce when major OS upgrades and minor update patches are available and applied to your devices. You can also configure how much flexibility your users have in delaying or canceling the update:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Major OS upgrades<\/strong>&nbsp;&#8211; Control when users install the latest available OS upgrade. You&nbsp;might want to test a new OS version on a small number of devices before you roll out a new upgrade to your entire company. You can defer an upgrade for 90 days after its release.&nbsp;You can specify a major upgrade installation per operating system, which gets installed on target devices within 24 hours of applying the policy. Enforced major upgrades utilize Mobile Device Management (MDM) software install commands and do not require end user interaction or Admin permissions.<\/li>\n\n\n\n<li><strong>Minor update patches<\/strong>&nbsp;&#8211; Specify when minor updates become available to a device and control how long users can defer the update. If you choose to force minor updates to your users\u2019 devices, you must set a deadline for minor updates. As that deadline approaches, automatic reminders appear more frequently and eventually users cannot dismiss them. If the deadline expires, the policy then forces a minor OS update to be automatically downloaded and installed using MDM software install commands.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>You can customize user reminders for minor updates and preview the reminder before it is displayed to users. If you uploaded your logo, it also appears in the reminder.&nbsp;OS patch policies work on macOS Big Sur 11 and later.&nbsp;<\/p>\n\n\n\n<p>JumpCloud also provides a universal browser patch policy that keeps Google Chrome up to date for macOS, Windows, and Linux. See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/create-a-universal-browser-patch-policy\">Create a Universal Browser Patch Policy<\/a>.<\/p>\n\n\n\n<p>You can save time by using JumpCloud\u2019s default patch policies and policy groups that are preconfigured and ready to use. See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/configure-default-patch-policy-groups\">Configure Default Patch Policies and Policy Groups<\/a>.<\/p>\n\n\n\n<p>Contact your Account Manager if you\u2019re interested in adding OS and browser patch management to your package or to learn more about the&nbsp;<a href=\"https:\/\/jumpcloud.com\/platform\/patch-management\" target=\"_blank\" rel=\"noreferrer noopener\">solution<\/a>.<\/p>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Unlike minor updates, major OS upgrades do not have a configurable installation grace period. This means that setting any of the <strong>Automatic Actions for Devices running&#8230;<\/strong>&nbsp; options to <strong>Enforce upgrade to macOS&#8230;<\/strong> will force Macs to upgrade immediately after the major upgrade deferral period ends. Review these settings carefully as users will be prompted to update their Macs immediately, causing possible interruptions.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"DefaultPolicies\">Creating Default Patch Policies and Policy Groups<\/h2>\n\n\n\n<p>If your organization has not yet configured any macOS, Windows, or Linux patch management policies or policy groups, you can save time by loading a set of default policies and policy groups. These patch policies and groups can save you time by enforcing security patches on a large number of managed devices.<\/p>\n\n\n\n<p>A policy group helps you quickly and efficiently roll out preconfigured policies using deployment rings. Deployment rings are configured with sane defaults. The deployment ring names match these policy group names, and control how and when an update is applied:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Vanguard<\/strong>&nbsp;&#8211; Deploy automated upgrades inside your IT Department.<\/li>\n\n\n\n<li><strong>Early Adoption<\/strong>&nbsp;&#8211; Deploy automated upgrades to early adopters outside of IT.<\/li>\n\n\n\n<li><strong>General Adoption<\/strong>&nbsp;&#8211; Deploy automated upgrades to general users in your company.<\/li>\n\n\n\n<li><strong>Late Adoption<\/strong>&nbsp;&#8211; Deploy automated upgrades to remaining users in your company.<br><img decoding=\"async\" width=\"700\" height=\"422\" class=\"wp-image-83255\" style=\"width: 600px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/DeploymentRings.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/DeploymentRings.png 700w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/DeploymentRings-300x181.png 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><br><br><\/li>\n<\/ul>\n\n\n\n<p><strong>To create default patch policies and policy groups<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/login\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.&nbsp;<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>If your data is stored outside of the US, check which login URL you should be using depending on your region. If your organization uses LDAP, RADIUS, or requires firewall allow list configuration, the Fully Qualified Domain Names (FQDNs) will also be region specific. See <a href=\"https:\/\/jumpcloud.com\/support\/jumpcloud-data-centers\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Data Centers<\/a> for the URLs, FQDNs, and IP addresses.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Go to&nbsp;<strong>Device Management &gt; Policy Management<\/strong>.<\/li>\n\n\n\n<li>Select&nbsp;<strong>Patch Management<\/strong>, then select the&nbsp;<strong>OS<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>If you haven\u2019t yet configured a patch policy or patch policy group, click&nbsp;<strong>Load Default Policies &amp; Policy Groups<\/strong>&nbsp;to create four out-of-the-box default policy groups. Each policy group contains three preconfigured deployment ring policies that are automatically bound to the group.<br><img decoding=\"async\" width=\"501\" height=\"286\" class=\"wp-image-83258\" style=\"width: 450px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/ConfigureOSPatchPolicies.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/ConfigureOSPatchPolicies.png 501w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/ConfigureOSPatchPolicies-300x171.png 300w\" sizes=\"(max-width: 501px) 100vw, 501px\" \/><\/li>\n<\/ol>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Review the preconfigured settings for the macOS default policies:\n<ul class=\"wp-block-list\">\n<li><strong>Defer Update Releases<\/strong>&nbsp;&#8211; The number of days to defer the availability of future minor OS updates. If you set the deferral length to be greater than the number of days since a minor update was released, this update will not be available. Any minor release older than 90 days will not be affected.&nbsp;<strong>Deferral Length in Days<\/strong>&nbsp;specifies how many days to defer a minor OS update after it\u2019s released.<\/li>\n\n\n\n<li><strong>Enforce Automatic Updates<\/strong>&nbsp;&#8211; The number of days that users have to install minor OS updates after they are available. The&nbsp;<strong>Installation Deadline in Days<\/strong>&nbsp;will apply to any minor OS updates available on a device at the time of policy application. If minor updates are not installed at the end of the deadline,&nbsp;JumpCloud forces the update via an MDM command.&nbsp;Valid values are 0-90 days, and the default is 30 days.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card warning\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Warning:<\/strong> \n<p>When the delay periods and the deadline that you set in Step 5 expire, the policy forces&nbsp;a minor OS update to be automatically downloaded and installed as soon as the user&#8217;s device comes online. This action occurs for updates to macOS 11, macOS 12, and macOS 13. If something unexpected happens and the minor update could not be installed, JumpCloud will try again every 24 hours.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-wpdatatables-wpdatatables-gutenberg-block\">\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-58\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"3\"\n           data-rows=\"5\"\n           data-wpID=\"58\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Deployment Policy Ring                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold wpdt-align-left\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Deferral Length in Days                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold wpdt-align-left\"\n                                            data-cell-id=\"C1\"\n                    data-col-index=\"2\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Installation Deadline in Days                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        macOS Vanguard                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        N\/A                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C2\"\n                    data-col-index=\"2\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        3 days                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        macOS Early Adopter                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        7 days                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C3\"\n                    data-col-index=\"2\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        7 days                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        macOS Early Adopter                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        15 days                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C4\"\n                    data-col-index=\"2\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        10 days                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        macOS Late Adopter                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        30 days                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"C5\"\n                    data-col-index=\"2\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        10 days                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><\/div>\n\n\n\n<p>When selecting a policy, the&nbsp;<strong>Deferral Length in Days<\/strong>&nbsp;setting for minor update releases will apply to any future minor updates.&nbsp;<\/p>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>You can configure additional settings that are&nbsp;<em>not<\/em>&nbsp;preconfigured in the default policies:\n<ul class=\"wp-block-list\">\n<li><strong>Defer Upgrade Releases<\/strong>&nbsp;&#8211; Delay users from installing the latest available OS upgrade.&nbsp;For&nbsp;<strong>Deferral Length in Days<\/strong>, enter the number of days you want to defer a major OS upgrade after it\u2019s released. You can defer an upgrade for 90 days after its release. After that, this setting only applies to the next major OS upgrade. The minimum value is 1 day and the maximum is 90 days. The default is 30 days. The macOS&nbsp;Ventura release has been available for more than 90 days, so this setting would apply to Apple&#8217;s next major software release (macOS 14).&nbsp;<\/li>\n\n\n\n<li><strong>Defer Non-OS Updates<\/strong>&nbsp;&#8211; Delay users from installing non-OS updates. Examples of non-OS updates are a Safari update or an Xcode Command Line Tools update. For&nbsp;<strong>Deferral Length in Days<\/strong>, enter the number of days to defer non-OS updates after they are released. The minimum value is 1 day and the maximum is 90 days. The default is 30 days.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li>(Optional) Review your default policy groups and policies. The policies are automatically bound to the appropriate group.<br><img decoding=\"async\" width=\"1852\" height=\"1034\" class=\"wp-image-83268\" style=\"width: 700px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/PathMgmtPolicyGroups.png\" alt=\"\"><br>For example, the Vanguard Ring Policy Group automatically contains these three preconfigured deployment ring policies:\n<ul class=\"wp-block-list\">\n<li>Linux (Ubuntu) Vanguard Ring<\/li>\n\n\n\n<li>macOS Vanguard Ring<\/li>\n\n\n\n<li>Windows Vanguard Ring<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>If you already created default policies and groups, and later you create additional default policies or policy groups, an error does not appear. Instead, the existing default policies and policy groups will be used.\n<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"8\" class=\"wp-block-list\">\n<li>(Optional) Select the policy you just created and select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab. Select one or more device groups where you&#8217;ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.<\/li>\n\n\n\n<li>(Optional) Select&nbsp;<strong>Devices<\/strong>. Select one or more devices where you&#8217;ll apply this policy.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>For this policy to take effect, you must specify a device or a device group in Step 8 or Step 9.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"10\" class=\"wp-block-list\">\n<li>Click&nbsp;<strong>save<\/strong>.<\/li>\n\n\n\n<li>After the policy runs, you can view detailed results for a specific device:\n<ol start=\"1\" class=\"wp-block-list is-lower-alpha\">\n<li>Go to&nbsp;<strong>Device Management &gt; Devices<\/strong>.<\/li>\n\n\n\n<li>Select the&nbsp;<strong>Devices<\/strong>&nbsp;tab, then select the device.<\/li>\n\n\n\n<li>Select&nbsp;<strong>Policy Results<\/strong>, then click&nbsp;<strong>view<\/strong>&nbsp;to see more details. An Exit Code of&nbsp;<strong>0<\/strong>&nbsp;indicates that&nbsp;the policy ran successfully.<img decoding=\"async\" width=\"2140\" height=\"1502\" class=\"wp-image-107847\" style=\"width: 850px\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/DevicesPolicyResultsupdate.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/DevicesPolicyResultsupdate.png 2140w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/DevicesPolicyResultsupdate-300x211.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/DevicesPolicyResultsupdate-1024x719.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/DevicesPolicyResultsupdate-768x539.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/DevicesPolicyResultsupdate-1536x1078.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/DevicesPolicyResultsupdate-2048x1437.png 2048w\" sizes=\"(max-width: 2140px) 100vw, 2140px\" \/><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<ol start=\"12\" class=\"wp-block-list\">\n<li>To delete a patch policy, select the checkbox next to the policy and click&nbsp;<strong>delete<\/strong>. The policy is removed from the OS Patch Management list.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Creating an Automatic macOS Updates Policy<\/h2>\n\n\n\n<p>You must have Manager role permissions or higher to create and enforce a patch management policy.<\/p>\n\n\n\n<p><strong>To create an Automatic macOS Updates policy<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From the <a href=\"https:\/\/console.jumpcloud.com\/login\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>, go to&nbsp;<strong>Device Management &gt; Policy Managemen<\/strong>t.<\/li>\n\n\n\n<li>Select&nbsp;<strong>Patch Management,&nbsp;<\/strong>then select the&nbsp;<strong>OS<\/strong>&nbsp;tab. Only OS patch policies appear in this tab.<\/li>\n\n\n\n<li>To create a new, custom Automatic macOS Updates Policy, click (<strong>+<\/strong>), then choose\u00a0<strong>macOS<\/strong>.<br><img decoding=\"async\" width=\"164\" height=\"96\" class=\"wp-image-83266\" style=\"width: 200px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/PatchMgmtdropdown.png\" alt=\"\"><\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>If you don&#8217;t see the <strong>+<\/strong> when the OS tab is selected, click <strong>Load Default Policies &amp; Policy Groups<\/strong>. See&nbsp;<a href=\"#DefaultPolicies\">Creating Default Patch Policies and Policy Groups<\/a>&nbsp;above. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>(Optional) On the New Policy panel, enter a new name for the policy or keep the default. Policy names must be unique.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card warning\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Warning:<\/strong> \n<p>Major OS Upgrades do not have configurable installation grace period. This means that setting any of the <strong>Automatic Actions for Devices running&#8230;<\/strong>&nbsp; options to <strong>Enforce upgrade to macOS&#8230;<\/strong> will force Macs to upgrade immediately after the major upgrade deferral period ends. Review these settings carefully as users will be prompted to update their Macs immediately, causing possible interruptions.<br><img decoding=\"async\" width=\"490\" height=\"157\" class=\"wp-image-139345\" style=\"width: 300px\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/macos_restarting_computer_major_upgrade.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/macos_restarting_computer_major_upgrade.png 490w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/macos_restarting_computer_major_upgrade-300x96.png 300w\" sizes=\"(max-width: 490px) 100vw, 490px\" \/><\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Under&nbsp;<strong>Major Upgrade Settings<\/strong>, configure any combination of these settings:\n<ol start=\"1\" class=\"wp-block-list is-lower-alpha\">\n<li>Select&nbsp;<strong>Defer Upgrade Releases<\/strong>&nbsp;to delay users from installing the latest available OS upgrade. You can defer an upgrade for 90 days after its release. After that, this setting only applies to the next major OS upgrade.\n<ul class=\"wp-block-list\">\n<li>For&nbsp;<strong>Deferral Length in Days<\/strong>,&nbsp;enter the number of days you want to defer a major OS upgrade after it\u2019s released. The minimum value is 1 day and the maximum is 90 days. The default is 30 days.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Choose one or both of these options if you want to automatically upgrade to a specified OS version within 24 hours:\n<ul class=\"wp-block-list\">\n<li>\u200b\u200b\u200b\u200b<strong>Automatic Action for devices running macOS 15 Sequoia<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>Do nothing<\/strong> &#8211; Devices currently running macOS 15 Sequoia will not be upgraded.&nbsp;<\/li>\n\n\n\n<li><strong>Enforce upgrade to <strong>macOS 26<\/strong><\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 15 Sequoia will be upgraded to macOS 26.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Automatic Action for devices running macOS 14 Sonoma<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>Do nothing<\/strong> &#8211; Devices currently running macOS 14 Sonoma will not be upgraded.&nbsp;<\/li>\n\n\n\n<li><strong>Enforce upgrade to <strong>macOS 26<\/strong><\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 14 Sonoma will be upgraded to macOS 26. <\/li>\n\n\n\n<li><strong>Enforce upgrade to macOS 15 Sequoia<\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 14 Sonoma will be upgraded to macOS 15 Sequoia.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Automatic Action for devices running macOS 13 Ventura<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>Do nothing<\/strong> &#8211; Devices currently running macOS 13 Ventura will not be upgraded.&nbsp;<\/li>\n\n\n\n<li><strong>Enforce upgrade to <strong>macOS 26<\/strong><\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 13 Ventura will be upgraded to macOS 26.<\/li>\n\n\n\n<li><strong>Upgrade to macOS 15 Sequoia<\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 13 Ventura will be upgraded to macOS 15 Sequoia.<\/li>\n\n\n\n<li><strong>Enforce upgrade to macOS 14 Sonoma<\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 13 Ventura will be upgraded to macOS 14 Sonoma.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Automatic Action for devices Running macOS 12 Monterey<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>Do nothing&nbsp;<\/strong>&#8211; Devices currently running macOS 12 Monterey will not be upgraded.&nbsp;<\/li>\n\n\n\n<li><strong>Enforce upgrade to <strong>macOS 26<\/strong><\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 12 Monterey will be upgraded to macOS 26.<\/li>\n\n\n\n<li><strong>Enforce upgrade to macOS 15 Sequoia<\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 12 Monterey will be upgraded to macOS 15 Sequoia.<\/li>\n\n\n\n<li><strong><strong>Enforce upgrade to macOS 14 Sonoma<\/strong><\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 12 Monterey will be upgraded to macOS 14 Sonoma.<\/li>\n\n\n\n<li><strong>Enforce upgrade to macOS 13 Ventura<\/strong>&nbsp;&#8211; Devices with this policy applied to them that are currently running macOS 12 Monterey will be upgraded to macOS 13 Ventura.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Automatic Action for devices Running macOS 11 Big Sur<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>Do nothing&nbsp;<\/strong>&#8211; Devices currently running macOS 11 Big Sur will not be upgraded.<\/li>\n\n\n\n<li><strong>Enforce upgrade to <strong>macOS 26<\/strong><\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 11 Big Sur will be upgraded to macOS 26.<\/li>\n\n\n\n<li><strong><strong>Enforce upgrade to macOS 15 Sequoia<\/strong><\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 11 Big Sur will be upgraded to macOS 15 Sequoia.<\/li>\n\n\n\n<li><strong><strong>Enforce upgrade to macOS 14 Sonoma<\/strong><\/strong> &#8211; Devices with this policy applied to them that are currently running macOS 11 Big Sur will be upgraded to macOS 14 Sonoma.<\/li>\n\n\n\n<li><strong><strong>Enforce upgrade to macOS 13 Ventura<\/strong><\/strong>&nbsp;&#8211; Devices with this policy applied to them that are currently running macOS 11 Big Sur will be upgraded to macOS 13 Ventura.<\/li>\n\n\n\n<li><strong>Enforce<\/strong> <strong>upgrade to macOS 12 Monterey<\/strong>&nbsp;&#8211; Devices with this policy applied to them that are currently running macOS 11 Big Sur will be upgraded to macOS 12 Monterey.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>If the policy is configured to upgrade macOS 12 to 13 and mac OS 11 to 12, users running macOS 11 will be subjected to two major upgrades. As a result, users currently running macOS 11 will eventually be upgraded to macOS 13.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>Under&nbsp;<strong>Minor Update Settings<\/strong>, configure any combination of these fields:\n<ol start=\"1\" class=\"wp-block-list is-lower-alpha\">\n<li>Select&nbsp;<strong>Defer Update Releases<\/strong>&nbsp;to delay users from installing the latest available minor update. You can defer an update for 90 days after its release.\n<ul class=\"wp-block-list\">\n<li>For&nbsp;<strong>Deferral Length in Days<\/strong>, enter the number of days you want to defer a minor update after it\u2019s released. The minimum value is 1 day and the maximum is 90 days. The default is 30 days.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Select&nbsp;<strong>Enforce Automatic Updates<\/strong>&nbsp;to prompt users to install available minor updates based on the current OS. If users don\u2019t install updates before the deadline, those updates will be automatically installed.\n<ul class=\"wp-block-list\">\n<li>For<strong>&nbsp;Installation Deadline in Days<\/strong>&nbsp;enter the number of days users have to install a minor update after it\u2019s available. If updates aren\u2019t installed before the deadline expires, update commands are sent daily until the device is updated. The minimum value is 0 days and the maximum is 90 days. The default is 30 days.<\/li>\n\n\n\n<li>Entering an<strong> Installation Deadline in Days<\/strong>&nbsp;that is equal or less than the number of days since the update was released (refer to the Release Trains table on the <strong>Policy Management<\/strong> &gt; <strong>Patch Management<\/strong> tab) will trigger an immediate update on unpatched devices.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Select&nbsp;<strong>Defer Non-OS Updates<\/strong>&nbsp;to delay users from installing non-OS updates. Examples of non-OS updates are a Safari update or an Xcode Command Line Tools update. You can defer updates for 90 days after their &nbsp;release.\n<ul class=\"wp-block-list\">\n<li>For&nbsp;<strong>Deferral Length in Days<\/strong>, enter the number of days to defer non-OS updates after they are released. The minimum value is 1 day and the maximum is 90 days. The default is 30 days.<br><img decoding=\"async\" width=\"615\" height=\"498\" class=\"wp-image-83264\" style=\"width: 700px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/PatchMgmtPolicySettings2.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtPolicySettings2.png 615w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtPolicySettings2-300x243.png 300w\" sizes=\"(max-width: 615px) 100vw, 615px\" \/><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>If a major OS upgrade and a minor version update are available at the same time, a major OS upgrade takes precedence over a minor update.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li>(Optional) Under&nbsp;<strong>Notification Settings<\/strong>, you can create a personalized message for your users when&nbsp;a minor&nbsp;update is available.&nbsp;You can choose to display custom notifications for minor updates to your users.\n<ol start=\"1\" class=\"wp-block-list is-lower-alpha\">\n<li>Select&nbsp;<strong>Enable Custom Minor Update Notifications<\/strong>&nbsp;to send personalized notifications to your users about minor updates. If you do not select this, users will not receive notifications about new updates and will not be notified of installation deadlines.&nbsp;Instead, users will see&nbsp;<em>native<\/em>&nbsp;notifications about updates from Apple.<\/li>\n\n\n\n<li>For&nbsp;<strong>Update Notification Message<\/strong>, enter a custom message that your users see when updating. The maximum length for the message is 75 characters.&nbsp;<\/li>\n\n\n\n<li>To add your company\u2019s logo to the notification, go to&nbsp;<strong>Settings<\/strong>&nbsp;and select the&nbsp;<strong>Organization Profile<\/strong>&nbsp;tab.\n<ul class=\"wp-block-list\">\n<li>Under&nbsp;<strong>Customize Logo<\/strong>, click&nbsp;<strong>Choose a File<\/strong>&nbsp;and upload your PNG or JPG logo file. A transparent or white background is required.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Click&nbsp;<strong>Save<\/strong>.&nbsp;If you don\u2019t upload a logo, the JumpCloud logo is used by default..<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Select a&nbsp;<strong>Notification Preview<\/strong>&nbsp;type and view how your logo and message will appear.&nbsp;You can choose to display custom notifications for minor updates to your users.\n<ul class=\"wp-block-list\">\n<li><strong>Latest Update<\/strong>&nbsp;&#8211; The device is running the most recent macOS version.&nbsp;Users are prompted to click&nbsp;<strong>Update Device<\/strong>&nbsp;to install the latest minor version update for the current major OS.<\/li>\n\n\n\n<li>\u200b\u200b\u200b\u200b<strong>Minor Update<\/strong>&nbsp;&#8211; The device is not running the most recent major macOS version, but has a minor update available. Users are prompted to click&nbsp;<strong>Update Device<\/strong>&nbsp;to install the update.<br><img decoding=\"async\" width=\"1043\" height=\"488\" class=\"wp-image-83263\" style=\"width: 600px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/PatchMgmtNotificationSettings.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtNotificationSettings.png 1043w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtNotificationSettings-300x140.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtNotificationSettings-1024x479.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtNotificationSettings-768x359.png 768w\" sizes=\"(max-width: 1043px) 100vw, 1043px\" \/><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card warning\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Warning:<\/strong> \n<p>If you enable notifications without inputting or selecting <strong>Installation Deadline Days<\/strong> in the previous step (<strong>7b<\/strong>), this defaults to a 0 day grace period which will force immediate updates on devices. <\/p>\n\n\n\n<p>To prevent this, either:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Increase the <strong>Installation Deadline Days<\/strong> in step 7b.<\/li>\n\n\n\n<li>Or disable both <strong>Enforce Automatic Updates<\/strong> (7b) and <strong>Custom Minor Update Notifications<\/strong> (8a). <br><img decoding=\"async\" width=\"929\" height=\"487\" class=\"wp-image-102586\" style=\"width: 500px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/12\/macos_patch_policy_update_required_notification.jpg\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/12\/macos_patch_policy_update_required_notification.jpg 929w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/12\/macos_patch_policy_update_required_notification-300x157.jpg 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/12\/macos_patch_policy_update_required_notification-768x403.jpg 768w\" sizes=\"(max-width: 929px) 100vw, 929px\" \/><\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"8\" class=\"wp-block-list\">\n<li>Click&nbsp;<strong>save<\/strong>.<br><img decoding=\"async\" width=\"598\" height=\"197\" class=\"wp-image-83262\" style=\"width: 300px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateSettingsMessage.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateSettingsMessage.png 598w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateSettingsMessage-300x99.png 300w\" sizes=\"(max-width: 598px) 100vw, 598px\" \/><\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>Custom notifications are not available for major upgrades. If a device has a major macOS upgrade available to install, users with this policy applied to their devices are automatically upgraded via MDM commands. Users will see only the  notification above that the upgrade is scheduled.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"9\" class=\"wp-block-list\">\n<li>Verify that the logo you uploaded appears correctly in the policy:\n<ol start=\"1\" class=\"wp-block-list is-lower-alpha\">\n<li>Go to<strong>&nbsp;Device Management &gt; Policy Management<\/strong>.<\/li>\n\n\n\n<li>Select&nbsp;<strong>Patch Management,&nbsp;<\/strong>then select the&nbsp;<strong>OS<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>Select a new or existing policy that will have the custom reminder.<\/li>\n\n\n\n<li>In the policy\u2019s&nbsp;<strong>Details<\/strong>&nbsp;tab, click&nbsp;<strong>Customization Settings<\/strong>. The logo that you uploaded in Step 8b appears here.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>(Optional) Select the policy you just created and select&nbsp;<strong>Device Groups<\/strong>. Select one or more device groups where you&#8217;ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.<\/li>\n\n\n\n<li>(Optional) Select&nbsp;<strong>Devices<\/strong>. Select one or more devices where you&#8217;ll apply this policy.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>For this policy to take effect, you must specify a device or a device group in Step 11 or Step 12.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"12\" class=\"wp-block-list\">\n<li>Click&nbsp;<strong>save<\/strong>. The configured policy appears in the&nbsp;<strong>OS<\/strong>&nbsp;tab.<\/li>\n<\/ol>\n\n\n\n<p>You can also create patch policies for Windows and Linux. See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/create-a-windows-patch-policy\">Create a Windows Patch Policy&nbsp;<\/a>and&nbsp;<a href=\"http:\/\/jumpcloud.com\/support\/create-a-linux-patch-policy\">Create a Linux Patch Policy<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Understanding macOS Alerts<\/h2>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>End user notifications will prompt users for minor updates when <strong>Enforce Automatic Updates<\/strong> option is enabled by the Admin. If <strong>Enforce Automatic Updates<\/strong> isn&#8217;t enabled, users won&#8217;t see the custom notification to update.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>The alerts from JumpCloud begin once the device detects that it has an update available. Every five hours\u2013twice per average working day\u2013the alert window will launch and prompt the user to update the operating system.<br><br>When less than 72 hours remain in the deadline, the alert will increase in frequency from twice per working day to 6 times per working day, every 100 minutes.&nbsp;When less than 24 hours remain in the deadline, the alert will increase in frequency again from every 100 minutes to every 10 minutes.<br><br>When the deadline has elapsed, and the system is still not updated, the alerts will continue every 10 minutes, but the window can no longer be closed, will re-center on the screen every 10 minutes, and you cannot quit the app from the UI. If the user discovers the process and terminates it through the command line, it will regenerate.<\/p>\n\n\n\n<p><strong>Alerting Behavior Differences When Major OS Updates Are Available<\/strong><br>There are alerting differences for the notifications presented to end users via this policy based on the major OS version a device is running.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Update Notification When Running the Latest MacOS Version (MacOS Ventura)<\/strong>&nbsp;<br>When a device is running the latest macOS major OS version, the notification for a minor version update drives users to update their devices using the native flow via Apple&#8217;s&nbsp;<strong>System Preferences &gt; Software Update<\/strong>.<br><img decoding=\"async\" width=\"601\" height=\"321\" class=\"wp-image-83261\" style=\"width: 700px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateDeviceRequiresUpdate.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateDeviceRequiresUpdate.png 601w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateDeviceRequiresUpdate-300x160.png 300w\" sizes=\"(max-width: 601px) 100vw, 601px\" \/><br>The dialog in System Preferences that is opened by clicking&nbsp;<strong>Update Device<\/strong>&nbsp;will only show the available patches for the system. It shows new versions of the operating system that are&nbsp;<em>already approved<\/em>, and thus, eligible for update.&nbsp;Follow the steps onscreen to update your device.<br><br>When users are within a few days of the deadline for updating the device, they must click&nbsp;<strong>I understand<\/strong>&nbsp;to get the Close button to appear. As the IT Admin, you configure the deadline date in the Automatic MacOS Updates policy. After the deadline date passes, users must click&nbsp;<strong>Update Device<\/strong>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Update Notification When Major MacOS Update Are Available (MacOS Monterey or Big Sur)<\/strong>&nbsp;<br>When a device is not running the latest macOS major version, the notifications presented to end users provide additional information to drive them to update to the latest version of their supported operating system.<br><img decoding=\"async\" width=\"602\" height=\"318\" class=\"wp-image-83260\" style=\"width: 700px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateDeviceRequiresUpdate2.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateDeviceRequiresUpdate2.png 602w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateDeviceRequiresUpdate2-300x158.png 300w\" sizes=\"(max-width: 602px) 100vw, 602px\" \/><br>The dialog in System Preferences that opens when users click&nbsp;<strong>Update Device<\/strong>&nbsp;displays the macOS major version update, as well as instructions for More Info. This notification drives end users to click&nbsp;<strong>More Info<\/strong>&nbsp;to learn how to install the required update.<br><br>For example, a device that is not running the latest macOS version that is available for installation after clicking&nbsp;<strong>More Info&nbsp;<\/strong>can view details in Software Update in Apple&#8217;s&nbsp;System Preferences.&nbsp;<br><img decoding=\"async\" width=\"442\" height=\"269\" class=\"wp-image-83259\" style=\"width: 400px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateMacUpdatesScreen.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateMacUpdatesScreen.png 442w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/PatchMgmtUpdateMacUpdatesScreen-300x183.png 300w\" sizes=\"(max-width: 442px) 100vw, 442px\" \/><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Removing a Patch Policy<\/h2>\n\n\n\n<p>To remove an existing patch policy:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From the <a href=\"https:\/\/console.jumpcloud.com\/login\">JumpCloud Admin Portal<\/a>, go to&nbsp;<strong>Device Management &gt; Policy Management<\/strong>.<\/li>\n\n\n\n<li>Select&nbsp;<strong>Patch Management,&nbsp;<\/strong>then select the&nbsp;<strong>OS<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>Select the policies you want to remove.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Delete<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>continue<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-tips-for-ensuring-successful-major-os-upgrades\">Tips for Ensuring Successful Major OS Upgrades<\/h2>\n\n\n\n<p>Communicate with your users the following requirements to ensure their devices upgrade as expected. <\/p>\n\n\n\n<p>The best way to ensure that devices upgrade is to leave the laptop locked overnight while connected to a network and power source, and ensure all work is saved or closed beforehand.<a href=\"https:\/\/jumpcloud.atlassian.net\/wiki\/label\/TWD\/ikb-draft\"><\/a><\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Network connection<\/strong>: User devices should have network connectivity.<\/li>\n\n\n\n<li><strong>Adequate storage space: <\/strong>Ensure the device has sufficient storage that meets the OS size requirements.<\/li>\n\n\n\n<li><strong>Device should be connected to power source or have at least 50% battery: <\/strong>To ensure a smooth upgrade, it is best to connect the device to a power source.<\/li>\n\n\n\n<li><strong>Save work\/documents: <\/strong>If there are unsaved documents opened, this can potentially prevent the upgrade from taking place. Ensure all work is saved.<\/li>\n\n\n\n<li><strong>Do not close countdown notification on the top right hand corner: <\/strong>An &#8220;Update requested&#8221; notification will appear, followed by a &#8220;Restarting Your Computer&#8221; notification on a 60-second countdown. If at any point the user closes these notifications, the upgrade will be postponed until the device checks in again for available updates (this happens once every 24 hours).<\/li>\n\n\n\n<li><strong>Device compatibility: <\/strong>Check that the device is compatible with the OS upgrade. For the latest compatible devices, see Apple&#8217;s article <a href=\"https:\/\/support.apple.com\/en-gb\/120282\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">macOS Sequoia is compatible with these computers<\/a>.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>JumpCloud\u2019s automated patch management helps you keep your managed macOS devices and apps secure and updated. As an IT Admin [&hellip;]<\/p>\n","protected":false},"author":202,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2852,3010,2862],"support_tag":[],"coauthors":[2836,3011],"class_list":["post-75374","support","type-support","status-publish","hentry","support_category-devices","support_category-patch-management","support_category-policies"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.3.1 (Yoast SEO v25.3.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Create a macOS Patch Policy - JumpCloud<\/title>\n<meta name=\"description\" content=\"Explore how automated patch management helps you control when major macOS upgrades and minor update patches are installed.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Create a macOS Patch Policy\" \/>\n<meta property=\"og:description\" content=\"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-19T00:12:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/DeploymentRings.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"19 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"denasteward, Nick Conrad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy\",\"url\":\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy\",\"name\":\"Create a macOS Patch Policy - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/DeploymentRings.png\",\"datePublished\":\"2023-05-07T14:15:59+00:00\",\"dateModified\":\"2026-03-19T00:12:55+00:00\",\"description\":\"Explore how automated patch management helps you control when major macOS upgrades and minor update patches are installed.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/DeploymentRings.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/DeploymentRings.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Create a macOS Patch Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Create a macOS Patch Policy - JumpCloud","description":"Explore how automated patch management helps you control when major macOS upgrades and minor update patches are installed.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy","og_locale":"en_US","og_type":"article","og_title":"Create a macOS Patch Policy","og_description":"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.","og_url":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy","og_site_name":"JumpCloud","article_modified_time":"2026-03-19T00:12:55+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/DeploymentRings.png","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"19 minutes","Written by":"denasteward, Nick Conrad"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy","url":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy","name":"Create a macOS Patch Policy - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/DeploymentRings.png","datePublished":"2023-05-07T14:15:59+00:00","dateModified":"2026-03-19T00:12:55+00:00","description":"Explore how automated patch management helps you control when major macOS upgrades and minor update patches are installed.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#primaryimage","url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/DeploymentRings.png","contentUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/DeploymentRings.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/create-a-macos-patch-policy#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Create a macOS Patch Policy"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/202"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75374\/revisions"}],"predecessor-version":[{"id":143725,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75374\/revisions\/143725"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=75374"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=75374"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=75374"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=75374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}