macOS Updates and Patch Management Policy

This policy defines UIS support for macOS Operating Systems, and update policies and procedures for keeping University owned Mac computers on secure versions of macOS. 

Definitions

Italics given as current examples as of June, 2021

  • macOS computers can expect to receive major updates (name change updates) for 7-8 years after manufacturing, and receive supplemental and security updates for 10-11 years

  • Apple sends supplemental security updates for the past 3 macOS versions (Big Sur, Catalina, Mojave)

  • UIS supports the past 2 macOS versions (Big Sur, Catalina) due to support of core services

  • Both Box and Zoom only support the past 2 macOS versions

  • UIS allows the macOS version before those, but may not be able to fully support it (Mojave)

  • macOS versions older than 3 versions (High Sierra, Sierra, El Capitan…) are no longer updated by Apple or supported by UIS; unsupported operating systems are not allowed on University networks per the Service Level Agreement for Computer Support

  • Offline computers may be allowed to remain on out of date OSs with UIS approval

Policy

New macOS version

  • Name change updates (Big Sur, Catalina) are known as “Major” updates and contain new features, but can come with compatibility issues for certain applications and services.

    • Major updates are released in the fall by Apple

      • Big Sur (11.0) released November 12th, 2020
      • Catalina (10.15) released October 7th, 2019
      • Mojave (10.14) released September 24th, 2018
      • High Sierra (10.13) released September 25th, 2017

  • UIS tests and confirms compatibility with all core apps and services, but departments and users are responsible for testing and confirming any speciality applications they require will work on a specific operating system.

    • Current UIS application and service tested Apps:

      • UIS admin tools (Antivirus, Bomgar, Jamf)
      • Adobe (Acrobat Reader, Acrobat Pro DC, Creative Cloud)
      • Box (Box Sync, Box Drive, Box Tools)
      • Chrome
      • Firefox ESR
      • Microsoft Office (2016, 2019)
      • SPSS
      • VLC
      • Zoom
      • VPN
      • Examplify

  • Major updates may be delayed if any core apps or services are non-usable.

  • UIS may implement a volunteer beta test before complete University rollout if it is deemed necessary.

  • The information email allowing update the new macOS version will include any known issues with the new Operating System discovered in testing.

Schedule for testing, and University rollout of Major macOS update:

Event What happens Communication
SUMMER    
WWDC / new macOS announced (Early June) UIS begins testing newest macOS using Apple Developer account access  
FALL    
Apple publishes macOS release date & releases Release Seed final version (September - October) UIS confirms Core support, system changes, update concerns and decides when update will be allowed. UIS institutes mac temporary block of installer (if necessary) Email to Mac users about compatibility and release timeframe
macOS release (September - November) Once core support exists on new macOS, users are allowed to update Email to Mac users allowing upgrade (if not stated in previous notification)

 

New macOS version

These updates are the smaller updates released periodically by Apple for the past 3 Major macOS releases (Big Sur, Catalina, Mojave). They provide security patches, and bug fixes. These updates rarely cause any app compatibility issues, and are therefore recommended for all users.

If an issue is discovered from a supplemental update, UIS will block said update until the issue can be resolved. In this case, computers will not see that an update is available, so any update that is seen as available on the computer, is a recommended update.

Update Notification
Computers will be prompted with the standard macOS notification on the computer to install the updates, allowing deferral until that evening, or the next day if desired. 

If a computer is more than 30 days behind on supplemental updates, the computer will be updated with newest macOS update with up to 24 hour deferral.

 

3 year old macOS end of life

Apple stops releasing security patches for macOS versions older than 3 years. UIS will begin prompting users to update before then, and force updates if computers become a security risk. Below is the schedule for such notifications and updates.

Event What happens Communication to Users
SUMMER    
WWDC - new version of macOS announced (June) Work with asset owners of computers that will not be able to update by fall to a security supported OS about replacement or removal Emails to those listed as asset owners of those computers
During Summer Notification policy to alert 3 year old OS computers to update (1/week) macOS notification for all computers not on allowed macOS operating system to update to a supported OS
FALL    
1 month before 3 year old macOS end of security updates (August - September) Notification policy to inform users of forced update (1/day) Notification for all computers not on allowed macOS operating system to update to the lowest allowed OS  or they will be updated on [date]
3 year old macOS - End of Life (September - November) Forced update all security risk macOS computers to oldest allowed macOS version Alert of forced update
WINTER    
January Check on computers that have not updated Communication and remediation of any computers that have not updated

See Also

Supported Operating Systems

 

Questions?

Contact Support

Print Article