Getting Started

Endpoints

Patch Management

Vulnerability Management

Software Deployment & IT Assets

Automation & Remote Desktop

Real-Time Reports & Alerts

Account Access & Management

SSO Authentication

Security Concerns

Need Help?

Action1 5 Documentation 5 Updates Deployment and Reboot Behavior on macOS

Updates Deployment and Reboot Behavior on macOS

This section describes how macOS updates are deployed on the managed endpoints with the Deploy Update automation, how the reboot is initiated during the automation run, and what factors can influence reboot behavior.

With the Automatically reboot option selected and reboot prompt enabled, the automation settings look as follows:

Reboot prompt enabled in the automation settings.

The system or app update process on macOS endpoints follows these steps:

  1. The automation starts, and the update is downloaded from the cloud.
  2. A reboot prompt is displayed to the logged-in user, and the countdown starts.
  3. The update setup runs.
  4. The endpoint reboot is performed according to user’s response to the reboot prompt:
      • Immediately — if the user clicks Reboot Now
      • After timeout —  if the user takes no action and the reboot prompt timeout expires. In the example below, the reboot prompt timeout is 7 minutes:
Reboot prompt displayed to macOS endpoint user.

The prompt remains visible until the reboot or until the user clicks Cancel to hide it.

  • If a user clicks Cancel :
    • Prompt is hidden.
    • Reboot is not performed.
    • Corresponding update deployment is not a success, so the following error is written to the automation history: “Reboot was canceled by the user. The macOS system update was not installed.”
Error written to automation History for Mac after reboot was cancelled.
  1. After the successful reboot, the update deployment is completed.

NOTE: Clicking Cancel in the reboot prompt does not prevent the need for a reboot. If the automation is scheduled to run periodically, the reboot prompt will be shown at its next run. To complete the update deployment, the endpoint user should either click Reboot Now or take no action so that the reboot occurs after the reboot prompt timeout expiration.

How do the automation completion deadline and reboot timeout influence the reboot attempt?

In general, the Action1 agent should perform all automation operations (download and install the update, reboot the endpoint) within the completion deadline. Thus, you should plan for this deadline thoroughly.

  • For example, do not set the automation completion deadline to 1 hour if you need to deploy multiple system updates that require a reboot. Specify a more reasonable interval.
  • Also, pay attention to the endpoint uptime: if it is off and then goes online just before the automation completion deadline, the agent may not be able to perform all automation operations within the remaining time interval.

The general flow is shown in the diagram below. To learn about some specific scenarios, see the “Reboot Behavior” section below.

Reboot flow on macOS.

 

 

What if the reboot prompt is disabled?

In this case:

  • No reboot prompt is displayed to the endpoint user.
  • The update is not deployed.
  • The automation fails, and an error is recorded in History, as in the example above.

How can I customize the reboot prompt?

See the “Reboot Prompt Customization” section for detailed instructions.

Reboot Behavior

The next sections explain the factors that can influence the reboot behavior (when the reboot prompt is enabled in the automation settings).

User State

User state

No logged in users
User is logged in but inactive (e.g., with the locked screen)
User is logged in and active
More than one user logged in, but all are inactive
More than one user logged in, and one is active

Prompt

Not applicable
Shown only when the user becomes active (if the reboot timeout has not expired by the unlock)
Shown to that user
Shown to the user who last logged in to the console
Shown to the active user

Reboot

Immediate reboot after update download and setup
If the reboot timeout has expired by the unlock, the reboot starts immediately when the user unlocks the screen. If not expired, then according to user's response to prompt.
According to user's response
According to that user's response
According to that user's response

Endpoint State

Endpoint state

Disconnected from Action1 at the time of the scheduled automation run
In Sleep mode
Rebooted before the automation (with reboot) run
Action1 agent not running at the time of the scheduled automation run
Action1 host unreachable during the automation being configured or when it runs

Automation & reboot

If the agent received the automation configuration prior to disconnection, the automation (and reboot) will proceed according to its settings.
The agent may execute the automation during periodic wake events. If started, the automation (and reboot) will proceed according to its settings.
Depends on the type of reboot that occurred. macOS supports several reboot types. The Deploy Update automation triggers the specific reboot required for system update installation.
  • E.g., if a user initiated a standard reboot by clicking "Restart", this does not affect a Deploy Update automation, which will run as usual (including the endpoint reboot).
NOTE: If the user initiated the standard "Restart" after receiving a reboot prompt from Action1 (within the automation window), the behavior will be similar to clicking Cancel in the Action1 prompt.
  • If another process installed the update and finalized its deployment with a reboot before the automation run time, Action1 will not trigger the additional reboot.
The automation proceeds after the agent resumes (if the automation deadline has not expired).
If Action1 host is unavailable at the moment when Automation is being configured on the agent side, the agent will wait for the connection to be restored:
  • If the agent already received the automation configuration, the automation will run as configured. E.g., if the deadline has expired, the automation does not start.
  • If the agent did not receive the configuration, the automation starts after the connectivity is restored, as long as the deadline has not expired.

Scheduling & Timing

Scenario

Action1 server and agent are in different time zones
Scheduled time for the automation run (with reboot) already passed

Behavior

This does not affect the planned reboot behavior.
If the automation is scheduled to run periodically, the reboot will take place at its next run.