Sections
Purpose
To provide guidance for updating Apple devices (macOS, iOS, and iPadOS), and the process the OIT Managed Desktop Services team is using to notify users, provide patches, and addresses non-compliance.
What do I need to do?
You will receive a notification that your Apple computer requires a software update (image1). If updates are still available, subsequent messaging will be received to install available updates by a specific date and time (image2). Follow the steps outlined below based on your device type to ensure successful compliance. OIT Managed Desktop Services Support team members are available to assist with update related issues.
Managed Update Schedule
- 3rd Tuesday of the month, Apple updates are scheduled from our configuration management system (CMS)
- 4th Monday of the month, circa 8:00 AM, Apple updates are mandated
- 4th Friday of the month, tickets are generated for the OIT Managed Desktop Services team to follow-up.
Note: This scheduling works for most months. Depending on the calendar, follow-up tickets may be generated on the 5th Friday of the month.
Managed Update Schedule (CMPENTFO iPads)
- 2nd Wednesday of the month, Apple updates are scheduled from our configuration management system (CMS)
- 3rd Monday of the month, at 3:00 AM, Apple updates are mandated
- As time permits, tickets are generated for the OIT Managed Desktop Services team to follow-up.
User Actions —– macOS Computers—– User Actions
Watch for prompts like these.
Appears when Apple Software updates are available. (image1)
Managed update scheduled through the CMS (image2)
- Ensure the device is connected to a stable network
- Update your computer as your schedule permits
User Actions —– iPadOS/iOS Devices (iPads/iPhones) —– User Actions
- Ensure the device is connected to a stable network
- Updates will install automatically or prompt you with options depending on configuration.
Note: We recommend performing macOS updates manually once you are notified which will be prior to any mandated deadline.
⚠️ End of user responsibility ⚠️
For Support —– Apple Devices & Computers —– For Support
Apple’s Declarative Device Management (DDM) allows for the following update options. We are using "Schedule Install".
| Update Action | Description |
|---|---|
| Download Only | Downloads update, not installed |
| Download + Install | Installs after download |
| Schedule Install | Sets install time |
| Install + Deferral | User may defer update up to 99 times |
| Force Install + Restart | Update and restart occur automatically |
Only devices running macOS 14+ or iOS/iPadOS 17+ can receive managed updates.
Post update actions
After the initial push of updates, there inevitably will be some cleanup. To do this, we use a webhook, an API call, a Google Apps Script, and a Google Sheet to determine which computers still haven't been updated, and use this to automatically generate tickets.
- Update success is confirmed via webhook → API call → Google Sheet → INC created in the
OIT_DESKTOP_SUPPORTqueue. - Easily check compliance using a Jamf Pro Dashboard, computer record or Google Sheet
Links and Resources
Apple’s Worldwide Developers Conference
WWDC 2021 - Meet Declarative Device Management
WWDC 2022 - Adopt Declarative Device Management
WWDC 2023 - Explore Advances in Declarative Device Management
Jamf
Jamf - Getting to Know Declarative Device Management
Jamf - Managed software updates via DDM
Jamf Learn / Documentation - Declarative Device Management
Apple Platform Deployment Guide
Apple Platform Deployment - Declarative status reports for Apple devices
Apple Platform Deployment - Intro to declarative device management and Apple devices
Apple Platform Deployment - Software Update settings declarative configuration for Apple devices
NCSU EPS & Patch Policies
RUL 08.00.14 – System and Software Security Patching Standard
Title: OIT Managed Desktop Services - Apple Software Updates
Service: Security Policy & Compliance
Template if applicable: NA
Assignment Group(s): OIT_DESKTOP_SUPPORT
Document Owner: OIT_DESKTOP_SUPPORT
Available Priorities: Medium, Low
Keywords: EPS, macOS, iPadOS, iOS, iPhone, iPad, compliance, Endpoint Protection Standard, Device, Apple, Computer, update, software, patch, patching, management