DDM- DDM (Declarative Device Management) and managing Apple Updates via Intune

Microsoft Intune provides a streamlined approach to managing Apple OS updates across devices, allowing IT administrators to schedule and deploy updates remotely. With Intune, administrators can define specific update policies for iOS, iPadOS and macOS devices, ensuring that they remain secure and compliant with organizational standards. 

Intune’s integration with Apple’s DDM protocols enables it to push updates efficiently, minimizing disruption for end users while maintaining control over update timing and compliance.

What’s Apple DDM?

Apple recently introduced “Declarative Device Management” (DDM), which is the future of Apple device management. It enables devices to apply settings and report their status back to the mobile device management (MDM) solution asynchronously, without the MDM solution having to continuously poll the device for information.

This approach enhances performance and scalability, offering a modern method for managing software updates. It supports proactive status reporting from devices as configurations and values change, ensuring the MDM solution always has an up-to-date view without frequent queries.

Rather than issuing repeated commands to the device to prompt a software update at every sync, the MDM solution simply defines the target operating system version and lets the device handle the update process itself. Delegating the task to the device results in a more reliable managed update process.

At the latest WWDC, Apple announced full software update control for macOS and for iOS/iPadOS as well.

What are Intune’s capabilities to control iOS/iPadOS via DDM?

Microsoft Intune announced Day Zero support for Apple software, which explains why the new DDM management settings are available before the new OS launches.

For macOS, Microsoft Intune supports Software Update Settings, which configures the general update settings, and Software Update, which is intended to push an exact update version to the device.

The same applies to iOS/iPadOS: Software Update Settings for configuring the general update settings, and Software Update for installing a specific build on the device.

What are the device requirements for DDM policies to work?

For iOS/iPadOS devices:

Devices MUST be supervised (enrolled via Apple Business Manager or Apple Configurator). Personally owned devices enrolled through Device Enrollment or Apple User Enrollment are not eligible for DDM policies.

For macOS devices:

Corporate enrollment for macOS (through Apple Business Manager or Direct Enrollment) always results in a supervised device.

Personally owned devices enrolled via Device Enrollment (Company Portal) also become supervised.

How to see the DDM settings or update applied on the device?

For both macOS and iOS/iPadOS, the path is the same: Settings > General > VPN and Device Management.

On iOS, you just need to select Configurations to see all software update configurations. Software Update Settings and Software Update are each listed there.

On macOS, you need to select “Management Profile” and scroll to the bottom to see the same two entries, Software Update Settings and Software Update.

Can we push DDM Software Update and Update Settings at the same time?

Yes, and that’s the beauty of DDM. You can push all update configurations and tasks to the device, and it will perform them all on schedule and as expected, then report back to the MDM solution.

For example, in our configuration we’ve turned off all download, install and discover options (deferral is set to 90 days). A manual check for updates returns nothing.

At the same time, the device is ordered to download and install a specific OS update.

So, when the user tries to check for new updates, the Update Settings will block this action.
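
An added example, not from the original article or from Intune: a small check over a set of DDM declarations for the combination described above, flagging settings that defer or disable updates without an accompanying enforced target version. The declaration types and payload keys follow Apple's public DDM schema; the identifiers, version, date and the `audit` helper are constructed for illustration, and the declarations Intune actually generates may differ.

```python
from datetime import datetime

# Declaration types and payload keys follow Apple's public DDM schema.
SETTINGS = "com.apple.configuration.softwareupdate.settings"
ENFORCE = "com.apple.configuration.softwareupdate.enforcement.specific"

# Constructed sample mirroring the article's scenario (identifiers, version and
# date are made up): download/install switched off, 90-day deferral, plus an
# explicit order to install one specific OS version.
DECLARATIONS = [
    {"Type": SETTINGS, "Identifier": "example.update.settings",
     "Payload": {"Deferrals": {"CombinedPeriodInDays": 90},
                 "AutomaticActions": {"Download": "AlwaysOff",
                                      "InstallOSUpdates": "AlwaysOff"}}},
    {"Type": ENFORCE, "Identifier": "example.update.enforce",
     "Payload": {"TargetOSVersion": "18.1",
                 "TargetLocalDateTime": "2030-01-15T20:00:00"}},
]

def blocks_user_updates(payload):
    """True when the settings defer updates or switch an automatic action off."""
    deferral_days = payload.get("Deferrals", {}).values()
    actions = payload.get("AutomaticActions", {}).values()
    return max(deferral_days, default=0) > 0 or "AlwaysOff" in actions

def audit(declarations, now):
    """Return findings for an inconsistent set of software update declarations."""
    findings = []
    settings = [d for d in declarations if d["Type"] == SETTINGS]
    enforced = [d for d in declarations if d["Type"] == ENFORCE]
    if any(blocks_user_updates(d["Payload"]) for d in settings) and not enforced:
        findings.append("updates deferred or disabled, but no target version enforced")
    for decl in enforced:
        payload, ident = decl["Payload"], decl["Identifier"]
        missing = [k for k in ("TargetOSVersion", "TargetLocalDateTime")
                   if k not in payload]
        if missing:
            findings.append(f"{ident}: missing {', '.join(missing)}")
        elif datetime.fromisoformat(payload["TargetLocalDateTime"]) <= now:
            findings.append(f"{ident}: enforcement deadline is not in the future")
    return findings

if __name__ == "__main__":
    for finding in audit(DECLARATIONS, datetime.now()) or ["no findings"]:
        print(finding)
```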


Conclusion

In conclusion, the introduction of Apple Declarative Device Management (DDM) represents a significant advancement in the ecosystem of managing Apple devices through Microsoft Intune. As the complexities of device management continue to evolve, DDM offers a streamlined, efficient approach that enhances the deployment and management of software updates.

This new method not only simplifies the administrative burden but also aligns with the growing demand for seamless integration and automation in device management. For engineers, adopting DDM in conjunction with Intune is not merely an option but a strategic imperative to future-proof their device management practices. As we look ahead, it is clear that Apple DDM will play a pivotal role in shaping the future of device management, making it an essential consideration for any organization invested in Apple technology.
