macOS - Software - Download Latest macOS Installer

What the Latest macOS Downloader does

This Automox Worklet™ downloads the latest available macOS installer from Apple's software update servers to your endpoints. The Worklet determines the current latest macOS version by querying Apple's support documentation, then uses the softwareupdate command to fetch the full installer to the /Applications folder.

Before initiating the download, the Worklet performs extensive compatibility checks. It verifies that the endpoint runs macOS Catalina or later (required to cache installers), confirms the endpoint is not already on the latest version, checks for at least 25 GB of free disk space, and validates Secure Token status on Apple Silicon Macs.

Why pre-stage macOS installers

Pre-staging the macOS installer separates the lengthy download process from the actual upgrade. macOS installers are typically 12-15 GB, and downloading during the upgrade window extends user downtime significantly. By caching the installer ahead of time, you reduce the upgrade process to just the installation phase.

This approach also allows you to schedule downloads during off-peak hours when bandwidth is available, then trigger upgrades during maintenance windows. If network connectivity is lost during download, macOS automatically cleans up partial downloads, so no manual intervention is required.

For fleet-wide upgrades, pre-staging prevents bandwidth congestion that occurs when many endpoints attempt to download the installer simultaneously. You can stagger the downloads across days or weeks before the upgrade deadline.

How macOS installer download works

1. Evaluation phase: The Worklet checks if the endpoint runs macOS Catalina (Darwin 19) or later. It compares the current macOS version against the latest available version from Apple. It verifies at least 25 GB of free disk space, checks if an installer is already cached in /Applications, and validates Secure Token status on Apple Silicon endpoints.

2. Remediation phase: The script runs softwareupdate --fetch-full-installer with the latest version number. On Apple Silicon Macs, it uses either the Automox service account or the current console user with Secure Token enabled. On Intel Macs, it runs the command directly. After download, the script verifies the installer exists in /Applications.

macOS download requirements

• macOS Catalina (10.15) or later as the current operating system

• At least 25 GB of free disk space

• Network access to Apple's software update servers

• Apple Silicon: Secure Token enabled for Automox service account or console user

• Hardware compatible with the latest macOS version (generally 2018 or newer)

• Extended Worklet timeout (download may take up to one hour)

Expected state after installer download

After successful remediation, the macOS installer application appears in the /Applications folder with a name like "Install macOS Sonoma.app" or "Install macOS Sequoia.app" depending on the current latest version. The installer is ready for the Upgrade macOS Worklet to execute the actual upgrade process. You can verify this change through the Automox Activity Log or by checking the endpoint configuration directly.

You can verify the download by checking for Install*.app in /Applications or by reviewing the Worklet execution logs. The logs indicate the exact version downloaded and confirm successful caching. If the download fails, macOS automatically removes partial files, so no manual cleanup is needed.

How to validate download latest macos installer changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for download latest macos installer.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as function, exit, beginCheck.

4. Validate remediation effects from script operations such as function, exit, sudo, then rerun evaluation for compliance.