diff --git a/docs/Using-Fleet/MDM-macOS-updates.md b/docs/Using-Fleet/MDM-macOS-updates.md index 98f96deafe..a3ef6b7eaf 100644 --- a/docs/Using-Fleet/MDM-macOS-updates.md +++ b/docs/Using-Fleet/MDM-macOS-updates.md @@ -6,33 +6,48 @@ _Available in Fleet Premium_ End users can be reminded and encouraged to update macOS (via [Nudge](https://github.com/macadmins/nudge)). -When a minimum version and deadline is saved in Fleet, the end user sees the below Nudge window until their macOS version is at or above the minimum version. - -To set the macOS updates settings in the UI, visit the **Controls** section and then select the **macOS updates** tab. To set the macOS updates settings programmatically, use the configurations listed [here](https://fleetdm.com/docs/using-fleet/configuration-files#mdm-macos-updates). - ![Nudge window](https://raw.githubusercontent.com/fleetdm/fleet/main/docs/images/nudge-window.png) -As the deadline gets closer, Fleet provides stronger encouragement. +A Fleet admin can set a minimum version and deadline for Fleet-enrolled hosts. If an end user's machine is below the minimum version, the Nudge window above will periodically appear to encourage them to upgrade. The end user has the option to defer the update, but as the deadline approaches, the Nudge window appears more frequently. -If the end user has more than 1 day until the deadline, the Nudge window is shown everyday. The end user can defer the update and close the window. +When the end user machine is below the minimum version, Nudge applies the following behavior: -If there is less than 1 day, the window is shown every 2 hours. The end user can defer and close the window. +| | > 1 day before deadline | < 1 day before deadline | past deadline | +| ------------------------------------ | ----------------------- | ----------------------- | --------------------- | +| Nudge window frequency | Once a day at 8pm GMT | Once every 2 hours | Immediately on login | +| End user can defer | ✅ | ✅ | ❌ | +| Nudge window is dismissable | ✅ | ✅ | ❌ | -If the end user is past the deadline, Fleet shows the window and end user can't close the window until they update. -## End user experience +### How to set up -Apple has a two-step process for macOS updates. First, the host downloads the macOS update in the background without interrupting the end user. Then, the host installs the update, which prevents the end user from using the host. +To set the macOS updates settings in the UI, visit the **Controls** section and then select the **macOS updates** tab. -Downloading the macOS update can be triggered programmatically, while installing the update always requires end user action. +To set the macOS updates settings via CLI, use the configurations listed [here](https://fleetdm.com/docs/using-fleet/configuration-files#mdm-macos-updates). -Fleet downloads macOS updates programmatically on Intel Macs. This way, end users don't have to wait for the update to download before they can install it. +### Requirements +- Fleet Premium or Ultimate +- [Fleetd](https://fleetdm.com/docs/using-fleet/orbit) with Fleet Desktop enabled -> On Macs with Apple silicon (e.g. M1), downloading the macOS update may require end user action. Apple doesn't support downloading the update programmatically on Macs with Apple silicon. +### End user experience + +After the user clicks "update" in the Nudge window, they will be taken to the standard Apple software update screen: + +![Apple software update screen on macOS 12](https://user-images.githubusercontent.com/5359586/228936740-2e8acf2e-6523-4710-9b3f-8243398bd98e.png) + +Here, the user would follow Apple's standard two-step process for macOS updates: +1. Download the macOS update. This occurs in the background and does not interrupt the end user's work. +2. Initiate the update which does prevent the end user from using the host for a time. + +On Intel Macs, Fleet triggers step 1 (downloading the macOS update) programmatically when a new version is available. This way, when the user arrives on the software update screen, they only need to initiate step 2. + +> On Macs with Apple Silicon (e.g. M1), downloading the macOS update may require end user action. Apple doesn't support downloading the update programmatically on Macs with Apple silicon. + +Step 2 (installing the update) always requires end user action. ### Known issue -Sometimes the end user's Mac will say that macOS is up to date when it isn't. This known issue creates a frustrating experience for the end user. Ask the end user to follow the steps below to troubleshoot: +Sometimes after the end user clicks "update" on the Nudge window, the end user's Mac will say that macOS is up to date when it isn't. This known issue can create a frustrating experience for the end user. Ask the end user to follow the steps below to troubleshoot: 1. From the Apple menu in the top left corner of your screen, select **System Settings** or **System Preferences**.