New MacOS DDM Updates Configuration policy #159
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Seems sync issue on my part.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello,
Here is a submission for new DDM Policy sinces old macOS updates policies are deprecated and the road forware are using Declarative Device management policies. So here they come.
The polices are to be used in place of the one Policy currently available as OIB (i marked it as deprecated), but i would recommend they are removed.
Aand sorry if i missed something, first time forkin/pull requesting/participating in a repository.
MacOS - OIB - Updates - D - DDM Updates Configuration v1.0.json
Enable user to update (not explained by CIS, but is something to discuss since by experience most users on macos are ok with it)
Automatic Actions
-- Download : AlwaysOn (CIS Recommendation)
-- Install OS Updates : Always On
Install Security Update : AlwaysOn (CIS Recommendation)
Rapid Security Response
-- Enable : Enabled (CIS Recommendation)
-- Enable Rollback : Enabled
Deferrals (Goal here is to have some granular control in the baseline.)
-- Major Period In Days : 30 (CIS Recommendation says equal or less than 30)
-- Minor Period In Days : 15
-- System Period In Days : 15