Question:
How does the MDM command to "Install major update" force macOS Sierra upgrades on DEP-enabled Macs?
Is the user asked to authorize the upgrade, or does the upgrade happen with or without user consent?
Answer:
It downloads the OS installer from the MAS, and triggers the startosinstall command line tool.
It behaves like a restart-required software update:
- If the user is logged-in and there is unsaved data, it will nag you that there is a pending software update and to please restart.
- If nobody is logged-in (i.e. at loginwindow), the OS upgrade starts without user intervention.
Question:
Can both the ALF and PF firewalls be configured via MDM?
Answer:
Yes, with caveats. Refer to Sierra's Profile Manager for the currently supported functionality.
Question:
Are the ALF and PF firewalls configured via Profiles (.mobileconfig) or directly via MDM commands?
Answer:
Configuration profile (.mobileconfig file)
Question:
Can firewall logging also be configured this way? If so, can the new log command line utility see the logs, so that firewall logs can be viewed as JSON?
Answer:
No.
See complete list of session and lab notes here: