As forewarned in my prior post, here’s a post detailing methods to block tof macOS Big Sur.

In truth, the majority of this post will be rehashing items mentioned in previous post titled: Blocking macOS Catalina with Jamf Pro.

But there are a couple of amendments, with most not being Jamf Pro specific.

Why block?

Well, simply not every organisation will be available day one.

Often there are some third party software needed on all devices, which itself does not offer day zero support for new OS’s.

Whilst moving to another product is certainly the best course long term, often Mac Admins are not the folks able to drive changes like that overnight.

At dataJAR, where we’re the Apple MSP for folks, we’re in a similar situation.

So, we tend to block these macOS upgrades, then test a single device in a customers environment to ascertain compatibility and resolve issues as needed.

Finally we can rubber stamp the OS and assist with rolling out.

Deferral

As macOS Big Sur is being offered via Software Update, we can defer is using Managed Software Updates.

But, this would not stop folks from downloading via the App Store and then running.

At the time of writing, the ID of macOS Big Sur is 001-79699, as such when a deferral is in place you’ll see messages like the below in /var/log/install.log:

2020-11-16 22:06:37+00 exampleMac softwareupdated[28044]: Using PostDate for deferral start date
2020-11-16 22:06:37+00 exampleMac softwareupdated[28044]: Product 001-79699 is deferred until 2020-12-12 18:00:08 +000

The above is for a 30 day deferral.

Ignore

Again, as macOS Big Sur is being offered via Software Update we can also ignore it as per what we did for macOS Catalina.

However, there are some changes this year and Rich Trouton (as ever), has a great blog post detailing some of these changes and new requirements.

Block

And we can also block the “Install macOS Big Sur.app”

Jamf Pro

As per the similar post for macOS Catalina, we can block the macOS Big Sur app via Jamf Pro Restricted Software feature.

For this, you can use the process name of “Install macOS Big Sur.app” and after the management framework is updated on a macOS device in scope it’ll have the block in place.

A few Admins have found that instead of blocking the various OS’s install .app, they can instead block the “InstallAssistant” process.

This blocks all install .app’s, but allows for upgrades to occur via startosinstall, and as such workflows like this can be followed from within Jamf Pro.

Big Sur Blocker

Big Sur Blocker is a binary which detects when “Install macOS Big Sur.app” application has launched, terminates the process and displays an alert to the user.

This doesn’t leverage Jamf Pro, so can be deployed whatever management solution you use.

It’s also configurable via a profile, including what app to block, and will not stop startosinstall. Allowing for an admin curated workflow to still proceed unhindered.