(147) Microsoft Intune - Block macOS 15.0 Sequoia from installing

Had a customer who wants to prevent from being upgraded to macOS 15.0 as you may know, Defender may not work on the macOS 15.0 (Sequoia). There is a known issue mentioned as per article https://learn.microsoft.com/en-us/defender-endpoint/mac-whatsnew#sequoia-support

To ensure this applies to all macOS devices, we should be setting changes by creating a Settings Catalog policy via https://intune.microsoft.com/

Then under settings catalog, search against Restrictions.

• Force Delayed Major Software Updates = True

• Enforced Software Update Delay = 90

• Enforced Software Update Non OS Deferred Install Delay = 7

• Force Delayed App Software Updates = True

• Enforced Software Update Major OS Deferred Install Delay = 90

• Allow Rapid Security Response Installation = True

• Allow Rapid Security Response Removal = False

• Enforced Software Update Minor OS Deferred Install Delay = 90

• Force Delayed Software Updates = True

Then under settings catalog, search against Software Update.

• Config Data Install = True

• Automatically Install Mac OS Updates = False

• Automatic Check Enabled = True

• Allow Pre Release Installation = False

• Critical Update Install = True

• Restrict Software Update Require Admin To Install = False

• Automatic Download = False

To ensure macOS devices, do not get upgraded to 15.0 and stay at 14.7, do the following: To ensure this applies to all macOS devices, we should be setting changes by creating a Settings Catalog policy via https://intune.microsoft.com/

Then under settings catalog, search against Software Update where

• Target Build Version = 23H124

• Target Date Time (UTC) = 10/08/2024 12 AM (Choose a date/time before the current date)

• Target OS Version = 14.7

For macOS Devices already on 15.0 or higher, it will show as an 'Error'.