Microsoft Intune provides a streamlined approach to managing Apple OS updates across devices, allowing IT administrators to schedule and deploy updates remotely. With Intune, administrators can define specific update policies for iOS, iPadOS and macOS devices, ensuring that they remain secure and compliant with organizational standards.
Intune’s integration with Apple’s DDM protocols enables it to push updates efficiently, minimizing disruption for end users while maintaining control over update timing and compliance.
What’s Apple DDM?
Apple recently introduced Declarative Device Management (DDM), which is the future of Apple device management. It enables devices to apply settings and report their status back to the mobile device management (MDM) solution asynchronously, without the MDM solution having to continuously poll the device for information.
This approach enhances performance and scalability, offering a modern method for managing software updates. It supports proactive status reporting from devices as configurations and values change, ensuring the MDM solution always has an up-to-date view without frequent queries.
Rather than issuing continuous commands to the device to prompt a software update on every sync, the MDM solution simply defines the target operating system version and lets the device handle the update process itself. Delegating the task to the device results in a more reliable managed update process.
At the latest WWDC, Apple announced full software update control for macOS as well as iOS/iPadOS.
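As an added illustration (not from the original article and not Intune's own code), the sketch below builds the kind of declaration an MDM server sends to define the target OS version, using Apple's `com.apple.configuration.softwareupdate.enforcement.specific` declaration type, and then checks a reported version against it. The helper names, identifier, version and deadline are constructed for the example.

```python
import json
import re
import uuid
from datetime import datetime

# Apple's declaration type for enforcing one specific OS update via DDM.
DECLARATION_TYPE = "com.apple.configuration.softwareupdate.enforcement.specific"


def version_tuple(version):
    """'17.6' -> (17, 6, 0) so versions compare numerically, not as strings."""
    if not re.fullmatch(r"\d+(\.\d+){0,2}", version):
        raise ValueError(f"not an OS version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def build_enforcement_declaration(target_os_version, target_local_datetime,
                                  target_build_version=None):
    """Build the declaration (hypothetical helper, constructed for this example)."""
    version_tuple(target_os_version)  # validate before sending
    # The deadline is in the device's local time, so it carries no UTC offset;
    # strptime rejects values such as '2025-01-15T18:00:00Z'.
    deadline = datetime.strptime(target_local_datetime, "%Y-%m-%dT%H:%M:%S")
    payload = {
        "TargetOSVersion": target_os_version,
        "TargetLocalDateTime": deadline.strftime("%Y-%m-%dT%H:%M:%S"),
    }
    if target_build_version:
        payload["TargetBuildVersion"] = target_build_version
    return {
        "Type": DECLARATION_TYPE,
        "Identifier": f"com.example.softwareupdate.{target_os_version}",  # constructed
        "ServerToken": str(uuid.uuid4()),  # changes whenever the declaration changes
        "Payload": payload,
    }


def meets_target(reported_os_version, declaration):
    """True when a device's reported OS version has reached the declared target."""
    target = declaration["Payload"]["TargetOSVersion"]
    return version_tuple(reported_os_version) >= version_tuple(target)


if __name__ == "__main__":
    decl = build_enforcement_declaration("18.1", "2025-01-15T18:00:00")  # constructed values
    print(json.dumps(decl, indent=2))
    print(meets_target("18.0.1", decl), meets_target("18.1", decl))
```

The server sends this once; the device downloads, prepares and installs the update itself before the deadline and reports progress through DDM status, which is where a check like `meets_target` fits.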
What are Intune's capabilities to control iOS/iPadOS via DDM?
Microsoft Intune announced day-zero support for Apple software, which explains why the new DDM management settings are available before the new OS launches.
For macOS, Microsoft Intune supports Software Update Settings, which configures the general update settings, and Software Update, which is intended to push an exact update version to the device.
The same applies to iOS/iPadOS: Software Update Settings configures the general update settings, and Software Update installs a specific build on the device.
What are the device requirements for DDM policies to work?
For iOS/iPadOS Devices:
Devices MUST be supervised (enrolled via Apple Business Manager or Apple Configurator). Personally owned devices enrolled through Device Enrollment or Apple User Enrollment are not eligible for DDM policies.
For macOS Devices:
Corporate enrollment for macOS (through Apple Business Manager or Direct Enrollment) always results in a supervised device.
How to see the DDM settings or update applied on the device?
For both macOS and iOS/iPadOS, the path is the same: Settings > General > VPN and Device Management.
For iOS, you just need to select Configurations to see all software update configurations.
[Screenshot: Software Update Settings configuration on iOS]
[Screenshot: Software Update configuration on iOS]
For macOS, you need to select "Management Profile" and scroll to the bottom to see them.
[Screenshot: Software Update Settings configuration on macOS]
[Screenshot: Software Update configuration on macOS]
Can we push a DDM Software Update and Update Settings at the same time?
Yes, and that's the beauty of DDM. You can push all update configurations and tasks to the device, and it will perform them all on schedule and as expected, then report back to the MDM solution.
For example, in the configuration below, we've turned off all download, install and discover options (deferral is set to 90 days). A manual check for updates returns nothing.
At the same time, the device is ordered to download and install a specific OS update.
So, when the user tries to check for new updates, the Update Settings block this action.
Conclusion
In conclusion, the introduction of Apple Declarative Device Management (DDM) represents a significant advancement in the ecosystem of managing Apple devices through Microsoft Intune. As the complexities of device management continue to evolve, DDM offers a streamlined, efficient approach that enhances the deployment and management of software updates.
This new method not only simplifies the administrative burden but also aligns with the growing demand for seamless integration and automation in device management. For engineers, adopting DDM in conjunction with Intune is not merely an option but a strategic imperative to future-proof their device management practices. As we look ahead, it is clear that Apple DDM will play a pivotal role in shaping the future of device management, making it an essential consideration for any organization invested in Apple technology.