Why Does Proximos Exist?

Proximos was inspired by the firsthand experience of a career Mac admin and the ongoing struggles many organizations face with managing macOS updates effectively. We kept hearing the same complaint from fellow Mac IT professionals: keeping our Mac fleet updated and current is hard! Work on Proximos began during the macOS Monterey (12) era as a bash shell script, before Apple had even announced Declarative Device Management (DDM). The goal was never to race a specific Apple framework — it was to build the orchestration layer Mac admins were clearly missing. That conviction held even once DDM arrived years later, and Proximos was carried through to completion because the need it solved never went away. See What About DDM? for how the two now work together. I seems like enabling “Automatic Updates” should be all that’s needed.. In practice, it is one of the more stubborn problems in Mac device management — not because the technology is complicated, but because the experience is fundamentally cooperative. Unlike a server patch cycle that runs unattended overnight, a macOS update on an end-user Mac almost always requires that human being to enter their own password, accept a restart, and give up their Mac for a period of time. No MDM command, declarative configuration, or enforcement tool can bypass that fact on its own. The technology can only get a user to the point of saying yes — it cannot say yes for them (with the narrow exception of startosinstall, which requires its own set of credentials and tradeoffs; see Proximos startosinstall Major Enforce.sh). Apple’s own tools reflect this reality. DDM is a meaningful step forward over older forced-update mechanisms, but it comes with a long list of real-world conditions that can quietly prevent an update from ever installing — a closed lid, a battery under 50%, unsaved documents in an open app, or simply a user who keeps deferring past DDM’s patience window. (See What About DDM? for a full breakdown.) Nudge, the excellent open-source tool from the Mac Admins community, solves the enforcement UI problem well, but it is a single building block. Proximos exists to fill the space between these and other third party tools — orchestrating notification, countdown, and enforcement into one coherent daily workflow, instead of asking IT teams to assemble that workflow themselves out of scripts, plists, JSON configuration files, and cron-like scheduling. Three principles shaped how it was built: Encouragement first, enforcement second. Because a user’s cooperation is almost always required, Proximos is designed around a graduated experience: friendly, branded countdown notifications well in advance of any deadline, followed by Nudge enforcement only once that deadline has actually arrived. The goal is a user who updates voluntarily because they understood the ask, not one who feels ambushed by a sudden hard block. Built for the realities of MDM-managed fleets. Configure once on an admin Mac, export, and deploy — to five Macs in a small office over AirDrop, or to ten thousand Macs with an MDM solution like Jamf Pro. Proximos gives your MDM a purpose-built macOS update workflow to deploy, with built-in CLI hooks, extension attributes, and PPPC profiles so it integrates cleanly into whatever you already have running. Built to meet ever-tightening patching requirements. Patch compliance expectations have only grown stricter over time. Cyber liability insurance carriers increasingly require documented, prompt patching policies as a condition of coverage, and other compliance frameworks impose their own enforcement windows. Proximos fills that space too — the Enforce Update On Day setting can be set as tight as a 48-hour window to satisfy a carrier’s requirement, with the full countdown and enforcement timeline documented and auditable through the runtime plist and MDM extension attributes.