Enable Auto Update

What the macOS Auto Update Enabler does

This Automox Worklet™ enables automatic update preferences on macOS endpoints by configuring the com.apple.SoftwareUpdate system preferences. The Worklet checks and enables five critical settings: AutomaticCheckEnabled, AutomaticDownload, ConfigDataInstall, CriticalUpdateInstall, and AutomaticallyInstallMacOSUpdates.

The Worklet ensures that endpoints download and install updates in the background while keeping GateKeeper and XProtect security signatures current. This means your endpoints receive the latest security patches without requiring user action.

Why enable automatic macOS updates

Keeping macOS endpoints current with the latest updates is critical for maintaining security and system stability. Manual update deployment is time-consuming and leaves endpoints vulnerable during periods when updates have not yet been installed.

Automatic updates reduce your security exposure by verifying GateKeeper and XProtect malware definitions update immediately when Apple releases new signatures. This is especially important because zero-day threats emerge continuously, and your endpoints need current protection.

By automating the update process, you eliminate the need for IT operations teams to manage individual endpoint updates, freeing resources for more strategic work while your infrastructure stays current automatically.

How macOS automatic update configuration works

1. Evaluation phase: The Worklet reads the com.apple.SoftwareUpdate preferences using defaults read and checks whether all five automatic update settings are enabled (set to value 1). If any setting is disabled, the Worklet triggers remediation.

2. Remediation phase: The Worklet writes new preferences using defaults write to set each disabled setting to true (boolean). This enables AutomaticCheckEnabled, AutomaticDownload, ConfigDataInstall, CriticalUpdateInstall, and AutomaticallyInstallMacOSUpdates on the endpoint.

Automatic macOS update requirements

• macOS Big Sur (11.0) or later, including Monterey and newer releases

• Both Intel and Apple silicon (M1 and later) architectures supported

• Root or administrative privileges to modify system Software Update preferences

• Works on both workstations and servers

Expected automatic update status

After the Worklet completes remediation, the endpoint will automatically check for available updates and download them in the background. Users will no longer need to manually initiate updates through System Preferences.

You can verify success by checking System Preferences > General > Software Update. All automatic update options (Check for Updates, Download new updates when available, Install system data files and security updates, Install system files and security updates, and Automatically install macOS updates) should show as enabled. GateKeeper and XProtect malware definitions will update automatically whenever Apple releases new signatures.

How to validate enable auto update changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for enable auto update.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit.

4. Validate remediation effects from script operations such as defaults, exit, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for enable auto update. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as exit and remediation operations such as defaults, exit. Use these indicators to verify that endpoint changes match intended policy outcomes.