Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Device management (MDM) Endpoint operations Vulnerability management Integrations
Docs REST API Guides Built-in queries Data tables SUPPORT Chat Hosting Release notes Get your license Contribute
Community
Chat News Podcasts Articles COMPANY Handbook Logos/artwork Why open source?
Pricing Start now

Enforce OS updates

{{articleSubtitle}}

| The author's GitHub profile picture

Noah Talerman

Subscribe A pencil iconEdit page

Enforce OS updates

Available in Fleet Premium

In Fleet you can enforce OS updates on your macOS, Windows, iOS, and iPadOS hosts remotely using the Fleet UI, Fleet API, or Fleet's GitOps workflow.

Fleet UI:

  1. Head to the Controls > OS updates tab.

  2. To enforce OS updates for macOS, iOS, or iPadOS, select the platform and set a Minimum version and Deadline.

  3. For Windows, select Windows and set a Deadline and Grace period.

Fleet API: API documentation is here.

End user experience

macOS

When a minimum version is enforced, the end users see a native macOS notification (DDM) once per day. Users can choose to update ahead of the deadline or schedule it for that night. 24 hours before the deadline, the notification appears hourly and ignores Do Not Disturb. One hour before the deadline, the notification appears every 30 minutes, and then every 10 minutes.

If the host was turned off when the deadline passed, the update will be scheduled an hour after it’s turned on.

For macOS devices that use Automated Device Enrollment (ADE), if the device is below the specified minimum version, it will be required to update to the very latest OS version during ADE before device setup and enrollment can proceed.

macOS (below version 14.0)

End users are encouraged to update macOS (via Nudge).

Nudge window

> 1 day before deadline < 1 day before deadline Past deadline
Nudge window frequency Once a day at 8pm GMT Once every 2 hours Immediately on login
End user can defer
Nudge window is dismissible

iOS and iPadOS (version 17.0 and above)

For iOS and iPadOS devices that use Automated Device Enrollment (ADE), if the device is below the specified minimum version, it will be required to update to the very latest OS version during ADE before device setup and enrollment can proceed.

Windows

End users are encouraged to update Windows via the native Windows dialog.

Before deadline Past deadline
End user can defer automatic restart

If an end user was on vacation when the deadline passed, the end user is given a grace period (configured) before the host automatically restarts.

Fleet enforces OS updates for quality and feature updates. Read more about the types of Windows OS updates in the Microsoft documentation here.

iOS and iPadOS

When a minimum version is enforced, end users will see a notification in their Notification Center after the deadline. They can’t use their iPhone or iPad until the OS update is installed.

Get started

Start now Talk to us