
APPLE OS Upgrades Guide For Beginners

Everything you need to prepare for macOS Mojave, iOS 12 and tvOS 12

Apple OS upgrades are coming. Are you ready?

Exciting new versions of macOS (for Mac), iOS (for iPhone and iPad) and tvOS (for Apple TV) are heading to a device near you. Your job is simple. Get these features into the hands of users, all without disrupting workflows or slowing productivity.

As most IT organizations know, this can often be easier said than done, especially when factoring in the speed at which Apple users like to upgrade. Now for the good news. At , we’ve been doing this for more than 16 years, and are here to provide step-by-step guidance for successful Apple upgrades — regardless if it is your first, fifth or 16th OS season.

Why an Apple upgrade is different

Contrary to other ecosystems, major new versions of Apple’s operating systems, macOS, iOS and tvOS are released annually. A combination of the simple upgrade and $0 cost help drive impressive adoption rates for consumers.

This trend is further accelerated by Apple’s vertical integration of hardware and : any new Mac, iPad, iPhone, Apple TV or Apple Watch will always ship with the latest OS version and can’t be downgraded. This is in stark contrast to Windows, where Windows 7 remains more popular than the newer release. The same can be said for Android, where only a minority of devices are running the latest version of Android. This level of fragmentation is a challenge for organizations concerned with security, and makes it nearly impossible to offer a consistent, protected device experience when attempting to support a wide variety of devices and OS platforms. And, since most Windows and Android devices are often not current, they are at a much higher risk for a security breach.

Without the complications of licensing, Apple’s user-initiated upgrades are easy for end users to carry out autonomously. This is one of the reasons Apple’s operating systems have the highest adoption rate of any ecosystem. End users are so excited to access the new features; yet, you’re responsible for maintaining security controls and an accurate systems inventory at all times.

This guide provides you with a thorough understanding of the new operating systems, and ways to carefully prepare for and implement an upgrade. You’ll learn how to minimize disruptions and eliminate unplanned downtime, gaining the knowledge to deliver organizational value and walk users through their macOS Mojave, iOS 12 and tvOS 12 upgrades.

The case for zero-day upgrades

There are four key reasons organizations should embrace upgrades and allow end users to update their device(s) the day new operating systems are released:

1. Reduce security vulnerabilities

Old versions of software are always less secure. It’s in your best interest to empower and encourage users to upgrade to the latest operating systems. This will help ensure your organization doesn’t fall to data breaches and system vulnerabilities, all because devices are out of date.

2. Keep end users happy

Apple trains users to keep their software up to date. In turn, Apple users expect to be able to successfully update their device(s) the day a new becomes available. Day-zero upgrades ensure this expectation is met.

3. Keep users productive

The latest operating systems introduce new features that support greater efficiency and productivity. When day-zero upgrades are discouraged, users are unable to take advantage of helpful functionality, such as a redesigned to more easily discover new apps and to quickly guide users on iOS 12.

4. Access new IT management features

Gain access to a wealth of new management features. Not only will you have access to new capabilities for management, but you can also customize and configure new end-user features based on the unique needs of your environment.

STEP 1

Join the beta party

By participating in the Apple Beta Software Program, you can check compatibility with your existing applications, test the new features of the OS, and make sure it meets organizational needs prior to upgrading. After all, the last thing you want is downtime and compatibility issues mid-upgrade.

Apple is regularly updating its operating systems, which means participating in the beta program provides months of testing ahead of an operating system release. Apple offers both paid developer and free public beta programs for macOS, iOS and tvOS. The paid developer account typically costs $100 annually, but provides access to additional resources, such as release .

Additionally, Apple also offers the AppleSeed for IT programs for enterprise and education customers at no cost and by invite only.

Why Beta?

1. The beta cycle for these operating systems typically occurs in multiple phases. Participating early and submitting feedback to Apple increases the likelihood that the features and issues that impact you most will be addressed. And, if you are the first to submit a bug report to Apple, you’ll have visibility into the status of your ticket. Otherwise, duplicate bugs are closed, and you won’t have insight into Apple’s progress.

2. Participating in the beta not only gives you early access to test new features and compatibility, but it also offers a deeper understanding of how the end-user experience will be impacted. Knowing which new settings have been added, any features that have moved, or changes to labels can necessary updates to your training materials, onboarding kits, etc. This helps your organization best prepare for changes to the end-user experience, so you can execute a more user-centric support model and communication plan accordingly.

3. Lastly, in addition to new OS settings and features, application, infrastructure, and management compatibility testing is critical for continuity with current software offerings in your environment. A recommendation is for IT administrators to run Apple’s betas to test their deployed apps for issues. Reporting any issues to the associated vendors upon discovery will help ensure the apps work upon Apple’s official release.

Beta tips

Use dedicated hardware for pre-release testing of Mac, iPad, iPhone and Apple TV devices. As always, avoid using personal or business-critical hardware for beta testing.

Not only is it critical to test your organization’s business tools with Apple’s betas, but you should test your device management solution as well. Whichever solution your organization uses to manage and secure your Mac, iPad, iPhone or Apple TV devices should provide active beta programs year-round and demonstrate the ability to test compatibility with Apple’s beta software on all of your devices.

Check out Apple’s iOS Lifecycle Management white paper for more details.

An upgrade story

When the MacBook Pro with Touch Bar introduced Touch ID to macOS for the first time, this new authentication method impacted organizations worldwide. Why? Because organizations did not discuss how they would categorize this new authentication method. How would it impact end users? How does it work a security policy?

By participating in Apple’s betas and submitting feedback to Apple, organizations can have these discussions months prior to an upgrade. This also allows them to better adapt their security policies to categorize and embrace new tech, which eliminates leaving users in ambiguous spots.

STEP 2

Conduct strategic testing

To aid in your planning, categorize testing into three buckets:

1. Infrastructure

Includes anything outside your application stack, such as VPN or testing printer drivers (which should always be tested with new operating systems). Testing infrastructure is less of a concern for organizations moving toward hosting and services.

2. Applications

Includes both web and non-web based applications. If you don’t have time to test all apps, prioritize based on an application vendor’s statements related to compatibility. For vendors who don’t proactively promote planned compatibility on their website, in documentation or within direct communications, it is best to validate the apps yourself.

3. Management

Includes device deployment and management solutions (MDM, EMM, UEM, etc.). Check that your device management solution offers the ability to test new restrictions, management capabilities and features. For example, new steps inside of Setup in macOS Mojave can be skipped to streamline enrollment — but only if your Apple management solution supports it.

Infrastructure Investment

As Apple makes strides in infrastructure integrations by partnering with companies like Cisco, upgrade season is the ideal time to evaluate your infrastructure investments. If you’re on the fence, there are great motivating factors to choose one technology over another given Apple’s integration efforts. For example, the Cisco and Apple partnership delivers unique enterprise solutions with Fast Lane for iOS and macOS.

Incorporate a user-centric test

Prioritization is essential, especially in resource-strapped organizations. Take inventory of all applications used across your organization and rank them by critical-business nature (financial software, CRM software, ERP software, etc.). with high-level business apps and move to mid-level apps, browsers and low-level apps.

Many organizations choose to prioritize based on automated inventory information from their device management provider, as well as frequency of use (most commonly used to least commonly used).

Consider recruiting end-user liaisons from each department you support (Finance, Marketing, Sales, Technology, HR, etc.) to discuss their daily business processes. Ask them to walk you through their workflows and which tools they use most. Then, document each item in a spreadsheet format for testing.

Due to the architecture of iOS and tvOS apps, testing might be more appropriate for these platforms. Consider leveraging automated testing tools such as Selenium, TestPlant or Sikuli, which automate point-and-click tasks to execute a task and test it. For more information on testing frameworks, check out ITIL certification.

While you may have automated hardware and software inventory information at your disposal, there is no replacement for human interaction. Do not forget to identify the key functional business units in your organization and interview them.

When documenting use cases, lay out the key business units, critical level, applications, user tasks and whether you validated compatibility. Example:

Business Unit | Operating System | Critical | Apps | User Task | Validate
Marketing | macOS Mojave | Mid-Level | Word | “I want to create a Word document on a machine that was just upgraded, choose the Copperplate font, then print on a printer.” |

STEP 3

Understand the new operating systems

In addition to the testing guidance above, macOS Mojave, iOS 12 and tvOS 12 have differing sets of new features and unique impact on your environment.

Below you will important information for what you need to know when upgrading to each operating system. For a comprehensive list, please review Apple’s online resources, including articles on their support site.

Upgrading to macOS Mojave

There are several ways to accomplish upgrades on a Mac. The most common upgrade path for macOS is an in-place upgrade. An in-place upgrade involves installing the operating system while keeping user data intact.

One method for conducting an in-place upgrade is to send an MDM command to Macs enrolled in Apple Business Manager or Apple School Manager (formerly known as the Device Enrollment Program or DEP). Like iOS, this MDM command will trigger your Mac devices to download the new OS from Apple and automatically install it on devices. However, this method will only work for Mac devices enrolled in Apple Business Manager, Apple School Manager or DEP.

For Mac devices not enrolled in Apple Business Manager or Apple School Manager, Jamf customers typically accomplish in-place upgrades by pre-packaging the macOS for the user. The macOS installer is then either installed automatically by IT or initiated by the end user through Jamf Self Service (an enterprise app catalog). To save on network bandwidth and maximize user productivity, the macOS installer can be pre-cached on the systems that are eligible for an upgrade. Additional software updates and configuration changes can be combined with the update to ensure a smooth transition.

But what about imaging? Imaging, a set of technologies that are used in a variety of deployment scenarios, is being replaced with native Apple technologies. Long-term, imaging options will continue to become less and less relevant when it comes to managing a Mac deployment. Apple doesn’t recommend or support monolithic system imaging as an installation method, because the system image might not include model-specific information such as firmware updates. See this article on Apple’s support site for more details.

You must also be connected to the when you upgrade macOS. This is due to firmware updates Apple installs on the Mac, further strengthening the security of your devices. Only the macOS installer can download and install these firmware updates, which validates Apple as the of the critical firmware. In fact, installing macOS Mojave on a Mac connected by Target Disk Mode is no longer a supported installation method.

The only supported imaging upgrade workflow for macOS Mojave leverages System Image Utility to create a NetInstall image. While this can be a more labor-intensive process, Apple supports this method. NetInstall does not work with Mac devices that have an Apple T2 chip; for this reason, consider other methods beyond NetInstall.

If you need to erase your hard drive, there is an option to install macOS and erase the hard drive at the same time. After you download the macOS Mojave installer from the Mac App Store and upload via your Apple management solution, deploy with policies using the new --eraseinstall flag with the startosinstall command. This will only work on that have been converted to the new Apple . For more information, read this article.

Customer Quote

“Being able to deploy a Mac operating system upgrade without having to each machine is huge. Jamf Self Service allows us to put the power into our end users’ hands, allowing them to kick off a system upgrade on their time.”
Steve Wood, Endpoint Services Manager, Omnicom Group

Here are some other areas to consider as you prepare to upgrade to macOS Mojave:

(APFS)

APFS, Apple’s file system, shipped with macOS High Sierra for only solid-state drives. APFS is now the standard file system for all drives starting with macOS Mojave. Revisit any imaging workflows in your environment, as they may no longer be supported. See Jamf’s APFS white paper for more information.

Cisco Fast Lane QOS for macOS

macOS High Sierra introduced Cisco Fast Lane for macOS. Cisco Fast Lane enables you to optimize network traffic for business-critical apps. Organizations using Cisco networks can define what iOS and Mac apps get priority on the network. Inventory your most critical Mac apps and confirm that your device management provider supports the new Cisco Fast Lane QOS features for macOS.

Software update deferral

A configuration profile is available for IT admins who want to defer software updates on a Mac for up to 90 days. Evaluate your software update timelines and determine whether you need to defer future software updates for end users. This allows IT to test critical applications after a new OS is generally available. Taking advantage of Apple’s beta program can mitigate the need to enforce any delay for your end users, giving them day-zero access to the latest and greatest.

User Approved MDM enrollment

Automatically creating User Approved enrollments for users allows IT to remotely manage security sensitive settings like User-Approved Secure Kernel Extension Loading. New profiles, like Approved Kernel Extensions, require a macOS enrollment to be User Approved.

Kernel extension management

As Apple strengthens macOS security, there are new user consent requirements to load kernel extensions with or after the installation of macOS Mojave. End users will only need to approve kernel extensions on their Mac if A) they were not on the Mac before the upgrade to macOS Mojave, or B) the kernel extensions are not replacing previously approved extensions. Review any existing kernel extensions (for example, with anti-virus software and virtualization software), and apply them prior to any upgrades.

OAuth support for Exchange

Apple has added OAuth support for Exchange. This provides a modern way of authenticating to Exchange accounts. IT admins will be able to enforce this whenever users are setting up their email accounts for the first time.

Password restrictions

Ability to restrict AutoFill passwords, block password proximity requests and prohibit password sharing via AirDrop.

Privacy protocols

Data protection enhancements for apps accessing critical data, and new methods to prevent tracking from advertisers when utilizing .

Upgrading to iOS 12

Unlike macOS upgrades, there is only one workflow for iOS upgrades. They are made available by Apple and then installed by the end user. Here are some other areas to consider as you prepare for upgrades to iOS 12:

Managed Software Updates

Organizations can now defer users from updating for up to 90 days and specify which iOS version to deploy.

Setup Assistant steps

Skip Setup Assistant screens during enrollment and help users to the as fast as possible. iMessage, FaceTime, Screen Time and Software Update setup panes are now skippable in iOS 12 (and macOS Mojave).

OAuth support for Exchange

Apple has added OAuth support for Microsoft Exchange. This provides a modern way of authenticating to Exchange accounts. IT admins will be able to enforce this whenever users are setting up their email accounts for the first time.

Password restrictions

Ability to restrict AutoFill passwords, block password proximity requests and prohibit password sharing via AirDrop.

Force date and time

Automatically set the date and time on iOS devices. Important for schools to prevent students from modifying the date and time on their devices; which potentially allowed them to circumvent IT protocols.

Upgrading to tvOS 12

A Jamf Nation survey found that 95 percent of respondents report leveraging Apple TV devices in their environment, and rightfully so. They enable sharing without the need for adapters, all while delivering a modern conference room experience. Apple TV is also great for digital signage, wayfinding and specific industries, such as hospitality. But until recently, they haven’t necessarily been easy to set up and manage at scale. That all changed with tvOS 10.2, and now tvOS 12 gives organizations even more control over the Apple TV experience.

Here are some areas to consider as you prepare for upgrades to tvOS 12:

Install software updates

Remotely install software updates to ensure all Apple TV devices are running the latest version of tvOS.

Install App Store apps

For the first time, purchase and remotely deploy apps from the App Store directly to Apple TV devices with MDM.

Password restrictions

Ability to restrict AutoFill passwords, block password proximity requests and prohibit password sharing via AirDrop.

AirPlay for Apple TV, iPad and iPhone

In addition to the new management features, you can further secure AirPlay for Apple TV by defining specific passwords for individual Apple TV devices and automatically sharing that password with specific iOS devices. This eliminates accidental sharing of private data to different rooms. To prepare, organizations can begin outlining which Apple TV devices pair with each iOS device in their environments.

STEP 4

Upgrades communications plan

A deep understanding of the new operating systems, careful planning and insight into the potential impact for end users ahead of an upgrade can minimize disruption, help desk calls and unhappy end users.

Next, consider the following stakeholders and conversations ahead of your upgrade.

Loop in InfoSec

Some consumer features released by Apple may not be approved for use by your InfoSec team. This is why the MDM specs are updated to disable these features. Get together with your InfoSec team now to discuss which features are appropriate for your organization.

Establish a test plan, and communicate these new features to your InfoSec team. By participating in Apple’s betas (if your device management solution supports them), you can preemptively block any features that concern your InfoSec team before they are available to end users on managed devices.

Steps to preparing end users

1. Not every end user is aware of the time it takes to upgrade a Mac. Inform users of the average upgrade time, and provide tips on the best time of day to upgrade.

2. Recommend that your end users back up their device(s) before they update. This applies to localized and iCloud backups.

* If you use a centralized backup tool like Code42 for macOS, consider sending a policy to run a backup before you do an upgrade.

3. Implement a policy to require end users to update within 30 days, or let them know you will update for them. PCI DSS compliance requires 30 days.

When it comes to upgrades, err on the side of over communication. Use email, your company’s intranet, or if your device management solution allows, your Jamf Self Service app catalog, to give users plenty of warning and recommendations prior to OS upgrades. They’ll thank you for it (or if all goes well, they’ll say nothing.)

Go forth and conquer

Apple’s upcoming operating systems, macOS Mojave, iOS 12 and tvOS 12 bring innovative capabilities to all organizations.

A streamlined approach to Apple upgrades ensures security measures are met, accurate system inventory is maintained and downtime is eliminated. A purpose-built Apple ecosystem management solution equips you with the tools you need to take advantage of the latest Apple OSs without negatively impacting end users or putting abundant strain on IT personnel.

Jamf is committed to helping organizations succeed with Apple. We’ve offered day-zero support for all Apple releases for more than a decade, ensuring organizations can take advantage of new Apple technology as it becomes available.
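
For the erase-and-install path described under “Upgrading to macOS Mojave”, a policy script can refuse to call startosinstall --eraseinstall unless the boot volume is already APFS and the installer is actually on disk. The script below is an added example, not Jamf’s or Apple’s code; the default installer path, the --agreetolicense flag (not mentioned in this guide), the hypothetical APPLY switch and the constructed diskutil sample lines are assumptions.

```sh
#!/bin/sh
# Added example: preflight gate for a startosinstall --eraseinstall policy.
# Nothing is erased unless every check passes AND the caller sets APPLY=1
# (APPLY is a hypothetical switch introduced for this example).

# Assumed default location of the installer downloaded from the Mac App Store.
DEFAULT_INSTALLER="/Applications/Install macOS Mojave.app"

# Constructed samples of the relevant `diskutil info /` lines (not captured output).
SAMPLE_APFS='   Volume Name:               Macintosh HD
   Type (Bundle):             apfs
   File System Personality:   APFS'
SAMPLE_HFS='   Volume Name:               Macintosh HD
   Type (Bundle):             hfs
   File System Personality:   Journaled HFS+'

# Read `diskutil info` text on stdin and print the volume's bundle type
# ("apfs", "hfs", ...) in lower case, or nothing if the field is absent.
volume_fs_type() {
    awk -F: '!seen && /Type \(Bundle\)/ {
        gsub(/[ \t]/, "", $2); print tolower($2); seen = 1
    }'
}

# preflight INSTALLER_APP  (diskutil info text on stdin)
# Returns 0 = safe to proceed, 1 = volume is not APFS, 2 = installer unusable.
preflight() {
    app="$1"
    tool="$app/Contents/Resources/startosinstall"
    fs="$(volume_fs_type)"
    if [ "$fs" != "apfs" ]; then
        echo "refusing: boot volume type is '${fs:-unknown}', not apfs" >&2
        return 1
    fi
    if [ ! -x "$tool" ]; then
        echo "refusing: $tool not found or not executable" >&2
        return 2
    fi
    return 0
}

# Entry point for a management policy running as root on the Mac.
main() {
    app="${1:-$DEFAULT_INSTALLER}"
    diskutil info / | preflight "$app" || return $?
    if [ "${APPLY:-0}" = "1" ]; then
        "$app/Contents/Resources/startosinstall" --eraseinstall --agreetolicense
    else
        echo "dry run: \"$app/Contents/Resources/startosinstall\" --eraseinstall --agreetolicense"
    fi
}

# Only act on a Mac; on any other system the functions are merely defined.
if [ "$(uname)" = "Darwin" ]; then main "$@"; fi
```

Run without APPLY=1 first: the dry run shows the exact command a policy would execute, which is worth confirming before a destructive erase reaches production Macs.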
