Software Update Settings

The software update policy settings specify these parameters are to support software updates on iPhone, iPad, and Mac devices, which can now be managed entirely with declarative device management, replacing the MDM profiles for software update restrictions, settings, and software update commands and queries. This policy is supported on iOS 18 and later devices and on macOS 15 and later devices.

Procedure

Select Policies & Configs > Policies.
Select Add New > Apple > iOS / macOS > Software Update Settings.
Use the guidelines in the Software Update Settings table below to complete the New Software Update Settings dialog box.
Select Save.
Apply the policy to an iOS or macOS label.

**Table 26.** Software Update Settings
Item	Description
Name	Enter a name for the policy.
Status	Select the relevant radio button to indicate whether the policy is Active or Inactive. Only one active policy can be applied to a device.
Priority	Specifies the priority of this policy relative to other custom policies of the same type. This priority determines which policy is applied if more than one policy is available. Select Higher than or Lower than, then select an existing policy from the drop-down list. For example, to give Policy 'A' a higher priority than Policy B, you would select “Higher than” and “Policy B”.
Description	Enter an explanation of the purpose of this policy.
Allow Standard User OS Updates (Boolean)	If true, a standard user can perform updates and upgrades. If false, only administrators can perform updates and upgrades.
Automatic Actions	The Automatic Actions dictionary contains keys like: Download: Specifies whether automatic downloads and preparation of available updates only (not upgrades and Rapid Security Responses). You can select as per your requirement: Allowed: The user can turn on or turn off automatic downloads. Always On: Automatic downloads are always turned on. Always Off: Automatic downloads are always turned off. Install OS Updates: Specifies whether automatic installation of available operating system updates only (not upgrades and Rapid Security Responses). You can select as per your requirement: Allowed: The user can turn on or turn off automatic installations. Always On: Automatic installations are always turned on. Always Off: Automatic installations are always turned off. Install Security Updates (only for MacOS): Specifies whether automatic installation of available security updates. You can select as per your requirement: Allowed: The user can turn on or turn off automatic installations. Always On: Automatic installations are always turned on. Always Off: Automatic installations are always turned off.
Deferrals	The Deferrals dictionaries offer different keys to configure the behavior depending on the platform (no defaults, not required): Combined Period in Days: Specifies the number of days to defer a software update. When set, software updates and upgrades appear only after the specified delay, following the release of the software update or upgrade. Major Period in Days: Specifies the number of days to defer a software upgrade on the device. When set, software upgrades appear only after the specified delay, following the release of the software upgrade. Minor Period in Days: Specifies the number of days to defer a software update only (not a software upgrade or Rapid Security Response) on the device. When set, software updates appear only after the specified delay, following the release of the software update. System Period in Days: Specifies the number of days to defer non-operating system updates. When set, updates appear only after the specified delay, following the release of the update.
Notifications (Boolean)	If true, the device shows all software update enforcement notifications. If false, the device only shows notifications triggered one hour before the enforcement deadline and the restart countdown notification.
Rapid Security Response (Boolean)	The Rapid Security Response dictionary contains: Enable: If false, Rapid Security Responses aren’t offered for user installation. This defines whether Rapid Security Responses are automatically installed on your devices. Enable Rollback: If false, Rapid Security Response rollbacks aren’t offered to the user. This controls whether you have the option to remove a Rapid Security Response.
Recommended Cadence (String)	Specifies how the device shows software upgrades to the user. When a software update and upgrade is available, the device behaves as follows: All: Shows all software updates and upgrades. Oldest: Shows only updates for the oldest (lower numbered) software version. Newest: Shows only a software upgrade to the newest (highest numbered) software version.