Software Update Management - DDM
The Software Update Management payload allows IT administrators to configure OS update deferral periods, manage automatic download and installation of OS and security updates, and define the update cadence based on organizational requirements using Declarative Device Management (DDM). It also supports enabling Rapid Security Responses to ensure critical security fixes are applied quickly, with an option to allow rollback if required. Supported on iOS/iPadOS 18.0 onwards.
Note: This profile is available only for Device Enrollment
Steps to Configure Software Update Management payload
On the SureMDM Web Console, navigate to:
Profiles > iOS/iPadOS > Add > Software Update Management (DDM) > ConfigureEnter a Profile Name
In the Configure Software Update Management screen, configure the required options under the available accordions.
Deferral Management
| Setting | Description |
|---|---|
| OS Update Deferral Period | Specify the number of days to defer OS software update on the device. When set, software updates only appear after the specified delay, following the release of the software update. |
Note: For devices using iOS 18.0 or later, we recommend using this payload for deferrals and disable the Force Delayed Software Updates restriction if it is configured in the Device Restrictions payload.
Automatic Software Update Action Management
| Setting | Description |
|---|---|
| Automatic Download of Available Updates | Specify the action type Allowed – The user can enable or disable automatic downloads on the device. Always On – Automatic downloads are always enabled and cannot be disabled on the device. Always Off – Automatic downloads are always disabled and cannot be enabled on the device. |
| Automatic Installation of OS Updates | Specify the action type Allowed – The user can enable or disable automatic installation of OS Updates on the device. Always On – Automatic installations of OS Updates are always enabled and cannot be disabled on the device. Always Off – Automatic installations of OS Updates are always disabled and cannot be enabled on the device. |
| Automatic Installation of Security Updates | Specify the action type Allowed – The user can enable or disable automatic installation of Security Updates on the device. Always On – Automatic installations of Security Updates are always enabled and cannot be disabled on the device. Always Off – Automatic installations of Security Updates are always disabled and cannot be enabled on the device. |
Rapid Security Response Settings
| Setting | Description |
|---|---|
| Enable Rapid Security Response | If unchecked, Rapid Security Responses aren’t offered for user installation. |
| Enable Rollback | If unchecked, the system doesn’t offer Rapid Security Response rollbacks to the user. |
Other Configuration
| Setting | Description |
|---|---|
| OS Update Cadence | Specify the action type Display All – Shows all software update versions. Display only Oldest version – Shows only the oldest (lower numbered) software update version. Display only Newest version – Shows only the newest (highest numbered) software update version. |
Click Save.
The newly created profile will be listed in the Profiles section.Go back to the Home tab and select the iOS / iPadOS device(s) or group(s).
Click Apply to launch the Apply Job/Profile To Device prompt.
In the Apply Job/Profile To Device prompt, select the created profile and click Apply.