Some macOS-specific profiles may not be supported in older versions of macOS. When the profiles are installed via MDM on devices running versions of macOS that do not support the profiles, the configurations will not be honored. A problem can occur after an update where even if the new version of macOS supports the profile, macOS may not start honoring the profile's configuration.
This problem can be solved by re-installing the profile(s) on the devices after the update has finished. SimpleMDM helps with this by re-pushing certain profiles once a device checks in with MDM and detects that an OS update has occurred.
SimpleMDM will automatically re-install the following profiles after a device checks in and a macOS update is detected:
- Custom Configuration Profile
- Extensible Single SignOn
- Extensible Single SignOn Kerberos
- FileVault
- Firewall
- Kernel Extension Policy
- Login And Background Item Management
- Notification Setting
- Privacy Preference
- Software Update Policy for macOS
- System Extension Policy
- Web Content Filter
In addition, it is important to note that this can still leave a bit of a delay between the completion of the OS update and when the device actually contacts MDM. To further address this issue, our team has created a script that will force devices to check-in with MDM immediately after an update occurs to allow MDM to re-push any necessary profiles to allow the configurations to start functioning right away after the update. If you are interested, please contact our support team and they will provide you with the script and instructions to deploy it.