Patching MacOS with KACE SMA


The article below is out of date and will no longer accomplish OS updates on MacOS. It can still be used for those supplemental updates like Safari, but for patching the OS, this method no longer works. My colleague Sven took some time to research and document a new method that does work, and you can find that here >> https://www.itninja.com/blog/view/macos-patching-with-sma

Patching MacOS devices has become a fun challenge for IT admins. While patching 3rd party applications can still be accomplished using traditional patching tools, updating the operating system has been limited to the more modern management methods of MDM providers. While MDM tools (such as KACE Cloud MDM) are beautifully proficient at helping you keep these systems up to date, some admins already have traditional management solutions in place, and can't get approval for another tool, or don't want to manage multiple platforms.

This is where the softwareupdate command can help.

softwareupdate is a CLI utility available on MacOS to among other things, detect and deploy operating system (and Safari) patches. There are a number of other operators you can utilize with softwareupdate to do things like only download patches (no install), install only OS patches, etc. A Screenshot of the man page for the command is below.

  • Man page (no shocker here): $ softwareupdate -h
  • List updates: $ softwareupdate -l
  • Download specified updates (no install): $ softwareupdate -d
  • Install specified updates: $ softwareupdate -i
    • When using the -i flag, there are several ways to specify which updates you want to install.
      • Install a specific update: $ softwareupdate <update label>
      • Install all available updates: $ softwareupdate -a
      • Install all recommended updates: $ softwareupdate -r
        • For recommended updates, you can specify OS only updates by using —os-only
        • example: $ softwareupdate -i --os-only (install OS updates)