barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfosign-in-altsignin text-widthtimesyoutube

macOS > Patch Management

Mac patch management

Updated on February 23rd, 2024

Patch management helps organizations to ensure the performance and security of the managed Mac devices. In addition to macOS operating systems, Miradore supports automated patching for over 70 different software products, such as Adobe, Dropbox, Safari, and Zoom.

Technical details of Mac patch management

Patch management is available for devices running the following macOS versions:

  • Catalina (macOS 10.15)
  • Big Sur (macOS 11)
  • Monterey (macOS 12)
  • Ventura (macOS 13)
  • Sonoma (macOS 14)

The patch management is run with a Miradore client application (a process named "Miradore client"), a light background service on managed macOS devices.

To enable the patch management, the Miradore client will be automatically installed on all Mac devices that run macOS 10.15 or newer and are enrolled on the Miradore site.

You can centrally manage patches for Mac devices in the following stages:

  • Detect
  • Report
  • Pilot
  • Deploy

Detection of available patches and reporting are included in the Miradore Free plan, while pilot testing and patch deployment come with the Miradore Premium plan. To fully benefit from the feature, we recommend you to have the Premium plan.

Mac patch deployment

Miradore users with the Premium plan can automate the patch installation for their Mac devices and create custom installation rules by including some vendors and their products and excluding others. In Miradore, administrators can define the settings for automated patch installation at Management > Patches - Installation settings.

enable macOS patching

Read the article about automated patch management to learn more about the installation settings.

If you are a Miradore administrator, you can define a pilot group for testing released patches with specific devices. You can define the pilot group using tags. Learn more about patch deployment in Miradore.

Notification for a restart

Sometimes patch installations require a device to restart. Notifications differ depending on whether the patch contains software or operating system updates, due to their different management practices.

Software patching

When a notification is about to show for the first time, the macOS system displays a pop-up for device users to give authorization for showing notifications from the Miradore client.

Allow notifications from Miradore Notifier on Mac for patch installations

If device users set this to Allowed, they get notified, for example, about the need to restart the device after a patch is installed.

macOS patch management notification

If device users don't allow the notifications, the Miradore client is not able to show the restart requests.

Note: This setting can be modified in the System Settings option of the OS after the first notification has been displayed to the user.

OS patching

After an OS patch is installed, the macOS operating system shows a notification that the patched computer will restart in 60 seconds.

Note: If you ignore this notification, the computer does not restart after the 60 seconds elapse. Your computer restarts only if you hover over the notification, and select Restart.

If you allowed previously the macOS client to show notifications on your computer, in 0-10 minutes after the macOS notification is displayed, the macOS client displays a more user-friendly restart notification.

macOS patch management notification

Note: If you previously did not allow the macOS client to show notifications on your computer, to receive the more user-friendly restart notifications, navigate to System Settings > Notifications > Miradore client notification and allow the notifications.

Hover over the restart notification to select if you want to restart the computer, or delay the restart.
The computer does not restart if you:

  • Dismiss the restart notification.
  • Ignore the restart notification.
  • Select Not now.

If you delay restarting your computer, the restart notification is displayed again in about 24 hours, or if you select Start patch installation now in the Actions menu in Miradore.

Next Article: