NC State ServiceNow

Sections

Purpose
What do I need to do?
User Actions —– macOS Computers—– User Actions
User Actions —– iOS Devices (iPads/iPhones) —– User Actions
For Support —– Apple Devices & Computers —– For Support
Post update actions
Links and Resources

Purpose

To provide guidance for updating Apple devices (macOS, iOS, and iPadOS), and the process the OIT Managed Desktop Services team is using to notify users, provide patches, and addresses non-compliance.

What do I need to do?

You will receive a notification that your Apple device requires a software update. by a specific date and time. Follow the steps outlined below based on your device type to ensure successful compliance. OIT Managed Desktop Services Support team members are available to assist with update related issues.

User Actions —– macOS Computers—– User Actions

Watch for prompts like these.

Scheduled by OITMDS

Appears when Apple Software updates are available

Ensure the device is connected to a stable network
Update your computer as your schedule permits

*Note: We recommend performing macOS updates manually once you are notified which will be prior to any mandated deadline.

User Actions —– iOS Devices (iPads/iPhones) —– User Actions

Ensure the device is connected to a stable network
Updates will install automatically or prompt you with options depending on configuration.

⚠️ End of user responsibility ⚠️

For Support —– Apple Devices & Computers —– For Support

Apple’s Declarative Device Management (DDM) allows for the following update options. We are using "Schedule Install".

Update Action	Description
Download Only	Downloads update, not installed
Download + Install	Installs after download
Schedule Install	Sets install time
Install + Deferral	User may defer update up to 99 times
Force Install + Restart	Update and restart occur automatically

Only devices running macOS 14+ or iOS/iPadOS 17+ can receive managed updates.

Post update actions

After the initial push of updates, there inevitably will be some cleanup. To do this, we use a webhook, an API call, a Google Apps Script, and a Google Sheet to determine which computers still haven't been updated, and use this to automatically generate tickets.

Update success is confirmed via webhook → API call → Google Sheet → INC created in the OIT_DESKTOP_SUPPORT queue.
Easily check compliance using a Jamf Pro Dashboard, computer record or Google Sheet

Links and Resources

Apple’s Worldwide Developers Conference

WWDC 2021 - Meet Declarative Device Management

WWDC 2022 - Adopt Declarative Device Management

WWDC 2023 - Explore Advances in Declarative Device Management

Jamf

Jamf - Getting to Know Declarative Device Management

Jamf - Managed software updates via DDM

Jamf Learn / Documentation - Declarative Device Management

Apple Platform Deployment Guide

Apple Platform Deployment - Declarative status reports for Apple devices

Apple Platform Deployment - Intro to declarative device management and Apple devices

Apple Platform Deployment - Software Update settings declarative configuration for Apple devices

NCSU EPS & Patch Policies

RUL 08.00.14 – System and Software Security Patching Standard

Title: OITMDS - Apple Software Updates
Service: Security Policy & Compliance
Template if applicable: NA
Assignment Group(s): OIT_DESKTOP_SUPPORT
Document Owner: OIT_DESKTOP_SUPPORT
Available Priorities: Medium, Low
Keywords: EPS, macOS, iPadOS, iOS, iPhone, iPad, compliance, Endpoint Protection Standard, Device, Apple, Computer, update, software, patch, patching, management