Providing access to macOS software updates via Jamf Pro’s Self Service
For a number of OS releases, Apple made both macOS software updates and Mac App Store (MAS) updates available via the MAS Updates page. I was able to use this to provide an easy way for customers to check for available software updates using Jamf Pro’s Self Service.
As of macOS Mojave though, Apple moved macOS software updates to the Software Update preference pane in System Preferences.
Opening the Software Update preference pane will automatically trigger a check for available macOS updates, so it’s possible to approximate the previous behavior by running the following command without root privileges:
open /System/Library/PreferencePanes/SoftwareUpdate.prefPane
When this command is run via the command line, the following actions take place:
- System Preferences launches
- The Software Update preference pane automatically loads
- The Mac automatically checks for macOS updates.
For folks using Jamf Pro, this command can be leveraged to provide a way for customers to easily check for macOS software updates on their own schedule.
As an example of how this can be used, a Self Service policy can be built which uses the command referenced above.
- Frequency: Ongoing
- Trigger: None
- Make Policy Available In Self Service
- Actions:
  - Execute command: open /System/Library/PreferencePanes/SoftwareUpdate.prefPane
Note: For those looking for the Software Update icon on macOS Mojave, it is attached to the following application:
/System/Library/CoreServices/Software Update.app
Once built, the policy should be available in Self Service for your customers to access.
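Jamf Pro runs policy scripts as root, while the command above is meant to run without root privileges. The following is an added example, not part of the original post: a script payload that hands the open call to the logged-in console user and does nothing when nobody is logged in. The function names, the DRY_RUN switch and the UID 501 cutoff (the first UID macOS gives a regular account) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): open the Software Update pane
# as the console user rather than as root, which is what Jamf scripts run as.

PANE="/System/Library/PreferencePanes/SoftwareUpdate.prefPane"  # path from the post

# Numeric owner of a device node. On macOS, /dev/console is owned by whoever
# holds the GUI session (root while the login window is showing).
console_uid() {
    ls -ln "${1:-/dev/console}" 2>/dev/null | awk '{print $3}'
}

# Succeed only for a regular interactive account. Assumption: regular macOS
# accounts start at UID 501; root and system accounts sit below that.
is_interactive_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: console not readable
    esac
    [ "$1" -ge 501 ]
}

# launchctl asuser targets the user's GUI session; sudo -u drops root.
# Set DRY_RUN=echo to print the command instead of running it.
open_pane_as() {
    $DRY_RUN launchctl asuser "$1" sudo -u "$2" open "$PANE"
}

main() {
    uid=$(console_uid)
    if ! is_interactive_uid "$uid"; then
        # Exit cleanly so the policy is not logged as failed.
        echo "No user at the console; nothing to open."
        return 0
    fi
    open_pane_as "$uid" "$(id -un "$uid")"
}

# Only act on a Mac; elsewhere the functions can still be sourced and tested.
if [ "$(uname -s)" = "Darwin" ]; then
    main
fi
```

To use it, add the script to the policy's Scripts payload in place of the Execute command action.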
Please see below for what the process looks like from the customer’s perspective.
See also https://macosxautomation.com/system-prefs-links.html
(or more specifically: open x-apple.systempreferences:com.apple.preferences.softwareupdate)
There’s nothing specifically better about this approach if you are using the “open” command, but it might allow you to include these as links in other contexts.
Thanks for this tip! Just did the same thing in our Mosyle portal.
My challenge isn’t so much getting the workflow to Self Service. What has worked to get users to actually go into Self Service and do it on a consistent basis?
We have a smart group setup “Needs Updating”, where we set the criteria “Number of Available Updates” to greater than 0. From there you can either force the update or pop up JAMFHelper to tell them. Hint: we have had to resort to force w/defer of one day.
If the user is expected to initiate via Self Service, why not just call a script that contains “softwareupdate -i -a -r”? It works in 10.14 & below and the user can be presented with a message that a restart might occur if needed, with an option to decline checking for updates.
In my experience, softwareupdate -I -a -R does reboot, but there’s no notification to the user. The screen just goes black and whatever is open is lost.
And what benefit does this have over configuring the Software Updates policy payload and making that available via Self Service?
The software updates policy payload doesn’t do anything other than name a custom ASUS. You could use the softwareupdate command (or sudo jamf software update) but that doesn’t have the same GUI interaction that users are used to.
Yeah I had a similar question as echave/wildfrog regarding why not use the software update command; is that no longer working in Mojave?
I have a doubt about how JAMF provides the macOS patches, so the user can identify them?