Definitely reach out to your MDM vendor and ask about support for this.
There's major MDM protocol handholding song-and-dance they'll need to implement for this to even remotely work.
And your clients will need to be receiving ConfigData updates to get that notification bundle that unlocks all this. If you're doing "assisted" updates with managed Software Update settings and those are disabled, your clients will never see the OS upgrade as available.
Very likely you could force out this update to your clients if you download the notification bundle directly to unlock the OS upgrade.
But it has to be Apple's package, it puts content in /System where third-party packages can't.
But we're, what, 3 weeks after Mojave came out and this notification bundle is just now being published?
So that's another radar - MDM based OS upgrades are gated on the release cycle of this ConfigData.
Which means you can't do it day 1 for your fleet, gotta wait.
It's not our fault Apple has tied their upsell nag to MDM based OS upgrades.
The feature needs to be split or they need to modify their upsell nag to include NotBefore date for the nag itself so the ConfigData can at least go out day 1.
And yeah- the DEP-only thing … is likely because UAMDM literally didn't exist when this MDM functionality was created
And hasn't been updated since because pretty much nobody but Profile Manager was doing this mechanism
And now it's too late to fix 10.13 to unlock it for UAMDM
The undocumented ConfigData requirement, gotchas like power, and the very touchy back-and-forth protocol sequence all line up with why no 3rd party vendors have implemented this.
They all probably figured it was a half-baked feature.
And yet ... if you can get this thing to fire ... gut feeling is that it's a more reliable kickoff than *any* startosinstall automation that anyone out there in the #macadmin community is doing with their tooling.
It's too late for this mechanism to be used for your Mojave rollout unless you're a 100% DEP shop.
But it's not too late to get this into a reasonable shape for the #macadmin community to finally be able to use it for 10.14 -> 10.15 and beyond.
POKE YOUR MDM VENDOR ABOUT THIS
• • •
Missing some Tweet in this thread? You can try to
force a refresh
As a reminder to anyone out there that's dealing with the TLS 1.2 cutover on python's pypi on macOS 10.12: You may still get stung by it if you end up unfortunately needing to deal with setuptools / easy_install packages that you can't get through pip.
This results in a "tlsssl-1.1.0.pkg" package you can install on 10.12 that will hotfix ssl to support TLS 1.1/1.2 in most situations.
Basic usage to get there on 10.12:
- download repo
- cd into code/openssl and run: sudo /usr/bin/python setup.py -vv -p -b -i
- cd into code/tlsssl and run: /usr/bin/python setup.py -vv -b -p