Managed software updates via DDM

How IT has managed software updates

Updating devices has gone through many iterations over the years. At first, users would do it themselves. After that, there was Imaging for macOS or Configurator for iOS. Then, admins could use Jamf Pro to send a mass action command to individual or groups of computers, or they could use a policy.

Managed software updates powered by DDM add more capabilities to Apple's MDM protocol, making software updates even easier.

Why DDM?

DMM allows managed devices to proactively and autonomously apply management settings and report state changes to the MDM server asynchronously. This results in less back-and-forth communication with the MDM server and faster, more reliable device updates.

See a full overview of Declarative Device Management.

Managed software updates via DDM

Managed software updates empower Apple admins to better schedule and enforce the latest software updates to managed devices.

In the past, devices would need to consistently check in with Jamf Pro to refresh the latest data. Now, with managed software updates via DDM, admins can specify the date and time of updates. Devices inform Jamf Pro when a change is made, instead of the MDM server constantly checking.

This gives admins a better view into when updates are starting, installing and completing— notifying end users in a timely fashion.

Communication and reliability of managed software updates

Now, users will know exactly when an update is going to occur on a device. If a device can’t update due to an issue such as power, battery life or storage, it continues attempts until the update is complete.

A common challenge is automatically pushing iOS or iPadOS updates out to devices with the Lock Screen enabled.

Why? Because the update will not occur until the device is unlocked and then manually prompted.

Now, updates on iOS-based devices with passcodes are better enforced because the lock screen on iOS/iPadOS uses the passcode to generate an authorization token which is then stored to approve the update installation.

This means these devices can be updated without requiring end users to unlock their devices.

Authorization tokens will expire for safety. Devices that have not been unlocked after a certain time will not update automatically, but the user will still be prompted to update upon unlocking their device.

Configuring software update plans

Building a plan for software updates is a simple task.

Navigate to Computers (or Devices) → Software Updates.

Choose the Install Action for the update you will use, the OS version or build you want enforced, and specify the date and time updates will be applied. Then select apply.

Once you have defined and approved an update plan, macOS will handle user notifications and reminders leading to the eventual enforcement deadline and update. Computers will proactively and autonomously give feedback to Jamf Pro regarding the update progress.

For end users, they receive a visible, yet nonintrusive, notification about the date and time the update will be applied.

Modern software updates

Managed software updates are an exciting evolution in how IT admins can update devices. Better scheduling, deferral options, automation and enforcement allow IT admins to have more control. They can determine what updates deploy, when they will be applied, and gain more insight into how those updates are progressing.

This feature is still in beta as we gather customer feedback and at this time is only available to Jamf Cloud customers running Jamf Pro 11.0 or later. To use this feature, computers must be running macOS 14 or later and mobile devices must be running iOS 17/iPadOS 17 or later.