DDM OS Updates – General Availability

Just last year, Addigy launched a beta of OS updates via DDM for Apple devices. This feature is opt-in for all Addigy admins, and as we’ll see, there’s a lot that DDM allows you to do. Addigy is now moving OS Updates via DDM out of beta and any customer can enable them in the Addigy Add-Ons section of Account > Integrations in the Addigy admin portal.

Enabling this feature will allow for the deployment of OS updates to macOS, iOS, and iPadOS via Declarative Device Management (DDM). These updates allow for a richer user experience in deferral and forced installation, improving the end-user experience while also ensuring that updates are done on time. With DDM OS Updates enabled on your Addigy instance, any major and minor OS version updates for macOS 14 and up, iOS 17 and up, and iPadOS 17 and up will be enforced via DDM. Updates like Safari and XProtect definitions for macOS will still take place via purely MDM (since DDM takes OS builds only) for these devices. Devices on macOS 13 and 12 will still have OS updates via MDM as they have, iOS and iPadOS 16 and older as well as all versions of tvOS will do the same.

How does it work?

Date of Enforcement

The DDM update enforcement allows for a day and time value to be set for the update to take effect. This happens after an OS release and takes effect on the device in the device’s local time. If the device is not online at that time, the OS update will prompt the user that the update will start shortly after the device next comes back online.

The recently added additional scheduling functionality allows for the selection of what days of the week update enforcements can be set for, as well as the ability to stop the setting of enforcement times during specific upcoming calendar days. If Apple publishes an update that would be enforced and takes place during this avoided period, the update will take place on the next available day that updates are enforced after the avoided period passes. 

For example, an update comes out from Apple on a Monday, and you have updates set to install 3 days after Apple publishes them, specifically at 4 pm local time Monday through Friday. This update would normally install on a Thursday at 4 pm if the device is online. However, you have an update avoidance period booked for that Thursday into the next Tuesday for a change control freeze. That means this update will now be installed on the following Wednesday.

Pending Update Visibility

The device’s GoLive data page shows the additional data about pending updates. Here you can see the number of pending updates, what status that update is in as it downloads, gets prepared for installation, and the installation itself.

In addition to the per device data shown in GoLive, you can also view the status of a policy deployment as a whole in the Policy Deployment Status tool. This will list out the updates pending or completed across all devices in the Policy. If you expand a given version it will indicate the device and its status, along with how current that status information is.