What you need to think about
The background nature of these security patches is good for most of us most of the time, though some users and certainly some MacOps professionals will want to disable the feature. There are, after all, many enterprises that need to test and approve software patches before they can be installed across their device fleets.
Admins need to ensure their MDM systems can accurately parse data on which updates have been installed across their fleets; hopefully, Declarative Device Management will be (or has already been) updated to provide IT with up-to-date information on this. They will want to be certain all devices have been updated, if company policy is to permit such updates.
It’s worth noting that Apple also patched around 50 vulnerabilities within the same software update that introduced Background Security Improvements. This in itself should be food for thought for Apple users and Apple admins, as it shows the scale of the threat environment and reinforces the need for swift and timely security updates/
