
Apple macOS Patching Policy Setup

reviewed by Ian Crego

Topic

This article explains how to configure Apple macOS patch management policies in NinjaOne.

Environment

  • NinjaOne Endpoint Management
  • Apple macOS

Description

NinjaOne Patch Management allows you to create patching policies that automatically scan for and apply new OS patches for your macOS endpoints.


This feature is in early access. During this development phase, feel free to contact NinjaOne Support or your account manager to share feedback and request enhancements for future releases.


System Requirements

NinjaOne supports OS patching on macOS Catalina and above.

Important Considerations

  • macOS patches are not applied until you reboot the machine.
  • Patches do not remain pending until you reboot the machine.
  • If a reboot is required, you will be unable to install additional patches until you restart the machine.

macOS Patching Credential Requirements

Due to enhanced Apple security, a local account with volume owner (secure token) permissions is required to apply OS patches. You can add secure token permissions to either a standard user or an administrator account. Refer to Apple's article Use secure token, bootstrap token, and volume ownership in deployments (external link) to learn more.
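As an added example (not NinjaOne's or Apple's code), the following POSIX shell script checks whether a local account actually holds a secure token and is listed as a cryptographic user of the boot volume before you enter it as the default credential. The script name, the account-name argument and the sample command output embedded in it are assumptions.

```shell
#!/bin/sh
# Added example, not NinjaOne's code. Verifies that a local macOS account has a
# secure token and is listed as a cryptographic (volume) owner of the boot
# volume before you set it as the default Mac Script credential. Assumed
# usage, as an administrator on the Mac: sh check_owner.sh <shortname>

# Classify the status line that `sysadminctl -secureTokenStatus <user>` writes
# (to stderr): prints enabled, disabled or unknown.
secure_token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo enabled ;;
        *"Secure token is DISABLED"*) echo disabled ;;
        *)                            echo unknown ;;
    esac
}

# Succeed when GeneratedUID $2 appears in the `diskutil apfs listUsers /`
# output $1. Compared in upper case; an empty UID is never an owner.
is_volume_owner() {
    [ -n "$2" ] || return 1
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]' |
        grep -q "$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')"
}

# Live check: run the real commands for one account and combine both tests.
check_account() {
    user="$1"
    status=$(sysadminctl -secureTokenStatus "$user" 2>&1)
    guid=$(dscl . -read "/Users/$user" GeneratedUID | awk '{print $2}')
    owners=$(diskutil apfs listUsers / 2>/dev/null)
    token=$(secure_token_state "$status")
    if is_volume_owner "$owners" "$guid"; then owner=yes; else owner=no; fi
    printf '%s: secure token %s, volume owner %s\n' "$user" "$token" "$owner"
    [ "$token" = enabled ] && [ "$owner" = yes ]
}

# Constructed sample output (not captured from a real Mac) for exercising the parsers anywhere.
SAMPLE_STATUS='2024-01-01 09:00:00.000 sysadminctl[512:9001] Secure token is ENABLED for user Jane Admin'
SAMPLE_OWNERS='Cryptographic users for disk3s1 (2 found)
|
+-- 1A2B3C4D-5E6F-4A7B-8C9D-0E1F2A3B4C5D
|   Type: Local Open Directory User
|
+-- EBC6C064-0000-11AA-AA11-00306543ECAC
    Type: Personal Recovery User'

# Only run the live check when a user name is given and sysadminctl exists.
if [ -n "${1:-}" ] && command -v sysadminctl >/dev/null 2>&1; then
    check_account "$1"
fi
```

A non-zero exit from check_account means the account will not be able to apply patches and should not be chosen as the Mac Script default.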

Configuring the Default Credential

Follow these steps to configure your local account with volume owner permissions as the default credential:

  1. In NinjaOne, navigate to Administration → Organizations.
     Figure 1: Administration → Organizations
  2. Place your cursor over the organization in the Organizations list, then click the ellipsis (three dots) icon when it appears and select Edit from the drop-down menu.
     Figure 2: Organizations → Edit
  3. Select Credentials from the list of organization management options, then select the Defaults tab and click Add Credential.
     Figure 3: Credentials → Defaults → Add Credential
  4. The New Credential window will open. Enter the credentials for your local account with volume owner permissions, then click Add.
     Figure 4: The New Credential window
  5. On the Credentials → Defaults tab, click the Mac Script drop-down menu, then select your new credential. When finished, click Save.
     Figure 5: Select the new default credential

Activating macOS Patch Management

To enable OS patching for a macOS endpoint policy, perform the following steps:

  1. In NinjaOne, navigate to Administration → Policies → Agent policies from the expanded options and select your macOS policy from the list.
     Figure 6: Administration → Policies → Agent policies
  2. The policy's management page will open. Click the OS patching option, then activate the Status toggle.
     Figure 7: OS patching → Enable OS patching

Configuring Patch Management on Your Policy

You can configure OS patch management from the OS patching page.

Figure 8: OS patch management configuration options

OS Patching Configuration Options Explained

You can configure the following software patch management parameters. When finished, click Save.

Scan schedule

Determine when the device will scan for available new patches.

  • Schedule: Use the drop-down menu to choose the scan frequency.
  • Days: If your scan interval is longer than daily, select the days of the week on which the system should perform the scan. Devices are patched only on the days chosen. If you do not select any days, the system will display an error message.
  • Time and Time Zone: Select the time of day and the appropriate time zone to perform the scan. By default, scans start at 8 A.M. local device time, and updates start at 5 P.M. local device time. These defaults only apply to new policies.
  • Stagger over: Set a stagger interval to distribute patch installation times across your devices and avoid simultaneous updates. For more information, refer to NinjaOne Patch Management: Load Balancing Patch Installations With the Stagger Feature.
  • Duration: Set the maximum amount of time for the agent to run an action before stopping. This setting applies to both scheduled and manually initiated actions.
  • Run scan immediately, if missed: Select this checkbox to run a scan immediately upon saving your settings.
  • Apply immediately: Select this checkbox to have the system apply patches immediately when it finds them in a scan.

Update schedule

Specify when NinjaOne should apply the updates it finds when scanning. 

  • Schedule: Use the drop-down menu to choose the update frequency.
  • Days: If your update schedule is longer than daily, select the days of the week on which NinjaOne should perform the update. Devices are patched only on the days chosen. If you do not select any days, the system will display an error message.
  • Time and Time Zone: Select the time of day and the appropriate time zone to perform the update. By default, scans start at 8 A.M. local device time, and updates start at 5 P.M. local device time. These defaults only apply to new policies.
  • Stagger over: Set a stagger interval to distribute patch installation times across your devices and avoid simultaneous updates. For more information, refer to NinjaOne Patch Management: Load Balancing Patch Installations With the Stagger Feature.
  • Duration: Set the maximum amount of time for the agent to run an action before stopping. This setting applies to both scheduled and manually initiated actions.
  • Run update immediately, if missed: Select this checkbox to run an update immediately.
  • Maintenance Mode: Suppress Emails/SMS/Push notifications: Select this checkbox to prevent NinjaOne from sending alerts caused by actions occurring during the update (such as device reboots). You can refine this setting by selecting the Suppress condition alerts and Suppress notification channels checkboxes. Refer to NinjaOne Platform: Maintenance Mode for more information.

Reboot options

These settings let you specify reboot behavior after NinjaOne patches a device. You can configure settings for both logged-in and logged-out users. If an end user interacts with a reboot prompt, NinjaOne will display an activity in the Device's Activity feed. Refer to Device and System Activity Notification Feed for more information.

Reboot options: Logged-in user:

You can configure the following settings:

  • Prompt to reboot until reboot accepted: NinjaOne will display an on-screen prompt instructing the user to reboot and allow the update to complete.
    • Use the scheduling options to determine the prompt frequency.
    • Select the Force reboot after checkbox to set the number of prompts before NinjaOne automatically reboots the device.
    • Select the Custom reboot dialog checkbox to replace the default prompt with your own text.
  • Notify the user, then reboot: Choose this option to send the user a notification, then automatically reboot the machine and complete the update. Refer to NinjaOne Platform: Notification Channels for more information. Use the scheduling options to determine how long NinjaOne should wait before sending the notification and triggering the reboot.
  • Automatically reboot: This option tells NinjaOne to reboot the device after the update installation is complete. Use the scheduling options to determine how long NinjaOne should wait before rebooting the device.
  • Time Period and Unit: If you selected Prompt the user to reboot until reboot accepted, use these fields to specify the prompt frequency. Select the checkbox to force a reboot after a specific number of prompts.
  • Custom Reboot Dialog: Select this checkbox to add custom text to the reboot prompt.

Reboot options: Not logged in user:

You can configure the following settings:

  • Attempt to reboot until successful: NinjaOne will keep trying to reboot the device, even if reboots fail, until it completes the action. Use the scheduling options to determine the reboot attempt frequency.
  • Reboot immediately: NinjaOne will reboot the device as soon as the update is ready.
  • Schedule: Use the drop-down menu to choose the prompt frequency.
  • Time and Time Zone: Select the time of day and appropriate time zone to perform the reboot.

General approvals

Configure automatic patch approval settings. You can choose to Approve, Reject, or require Manual approval for patches in two categories:

  • Critical: Patches associated with a known CVE
  • Unassigned: All other patches

Approval overrides

Set NinjaOne to override your patching policy for specific patches. Click the link to open the Overrides list, then search for the patch name. Use the second drop-down menu to select whether to approve or reject the patch.

Examples of scenarios in which patches would appear in the Overrides section:

  • If the category approval is set to Manual, and you then approve or reject the patch for the policy.
  • If the category approval is set to Approve, and you then manually reject the patch for the policy.
  • If the category approval is set to Reject, and you then manually approve the patch for the policy.

Running a macOS Patch Cycle on Demand

You can run a patch scan and installation cycle at any time on a macOS device whose policy has patch management enabled, by following these steps:

  1. In NinjaOne, click Devices, then locate and click your device name in the Devices search grid.
     Figure 9: The Devices search grid
  2. Place your cursor over the action (play) icon, then use the drop-down menus to navigate to OS Update → Scan or OS Update → Apply.
     Figure 10: Action → Patching → OS scan

Additional Resources

Refer to the following articles to learn more about macOS patching in NinjaOne:
