The Software Updates Enforcement policy uses Apple’s Declarative Device Management (DDM) to ensure your devices run a specific macOS version. Unlike standard automatic update policies that generally install the latest available releases, this standalone policy lets you target and enforce a specific OS version or build number.
Features:
- Version Control - Target a specific OS version or build number. If a build is not provided or contradicts the OS version, the policy enforces the target OS version.
- User Notifications - Users receive daily reminders that escalate in frequency as the enforcement deadline approaches. Once the deadline is reached, the update becomes mandatory.
Prerequisites:
- This policy is supported on Macs running macOS 14 Sonoma and later.
- Apple Mobile Device Management (MDM) must be configured for your organization and Macs must be enrolled in JumpCloud MDM. See Set up Apple MDM.
Considerations:
- Updates are enforced using the SoftwareUpdateEnforcementSpecific DDM configuration. See Apple’s developer documentation for SoftwareUpdateEnforcementSpecific to learn more.
- This policy doesn't support deploying beta build versions.
Configuring a Mac Software Update Enforcement Policy
To create a Mac Software Update Enforcement Policy:
If your data is stored outside of the US, check which login URL you should use for your region. See JumpCloud Data Centers to learn more.
- Log in to the JumpCloud Admin Portal.
- Go to Device Management > Policy Management.
- Click (+).
- On the New Policy panel, select the Mac tab.
- Select the Software Update Enforcement policy from the list, then click configure.
- (Optional) Add details or context regarding this policy to the Policy Notes.
- Click General Settings to expand the section.
- Under Target OS Version, enter the specific macOS version you’d like to install or select from the dropdown. This must be the full version value, for example 26.1.
- (Optional) Under Target Build Version, enter the specific build version of the OS to install or select from the dropdown, for example 21E219.
We recommend leaving the Target Build Version blank because macOS automatically determines the appropriate build for the Mac's hardware.
See Apple’s Software Lookup Service to view a full list of OS and build versions. You can also reference the third-party tool SOFA - Simple Organized Feed for Apple Software Updates.
- Under Enforcement Deadline, specify the time when the device will force install the update.
- Under Details URL, enter the URL (starting with http:// or https://) to display in System Settings > General > Software Update. This link directs users to more information about software updates (for example, your company's intranet page, device use policy, or a link to Apple's documentation).
- Go to the Devices tab to bind the policy to a device, or the Device Groups tab to bind it to a group of devices.
- Click Save.
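For reference when auditing what this policy delivers, the following added example (not JumpCloud's code) builds a SoftwareUpdateEnforcementSpecific declaration from the four fields configured above, using the key names from Apple's schema. The mapping of portal fields to keys, the input format checks, the example.* identifier, and the intranet URL are assumptions made for illustration.

```python
import json
import re
import uuid
from datetime import datetime
from urllib.parse import urlparse

DECLARATION_TYPE = "com.apple.configuration.softwareupdate.enforcement.specific"
# Assumed input formats for this sketch; not JumpCloud's own validation rules.
VERSION_RE = re.compile(r"\d+\.\d+(\.\d+)?")   # full version value such as 26.1
BUILD_RE = re.compile(r"\d+[A-Z]\d+[a-z]?")    # build value such as 21E219


def build_declaration(target_os, deadline, build=None, details_url=None):
    """Validate the policy fields and return the DDM declaration as a dict."""
    if not VERSION_RE.fullmatch(target_os):
        raise ValueError(f"Target OS Version must be a full value like 26.1: {target_os!r}")
    payload = {
        "TargetOSVersion": target_os,
        # Local device time, no time zone offset (yyyy-mm-ddThh:mm:ss).
        "TargetLocalDateTime": deadline.strftime("%Y-%m-%dT%H:%M:%S"),
    }
    if build:  # optional; left out entirely when blank, as recommended above
        if not BUILD_RE.fullmatch(build):
            raise ValueError(f"Target Build Version looks malformed: {build!r}")
        payload["TargetBuildVersion"] = build
    if details_url:
        parsed = urlparse(details_url)
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            raise ValueError("Details URL must start with http:// or https://")
        payload["DetailsURL"] = details_url
    return {
        "Type": DECLARATION_TYPE,
        "Identifier": f"example.softwareupdate.{uuid.uuid4()}",  # placeholder identifier
        "ServerToken": str(uuid.uuid4()),
        "Payload": payload,
    }


if __name__ == "__main__":
    decl = build_declaration(
        "26.1",
        datetime(2030, 1, 15, 18, 0, 0),  # constructed Enforcement Deadline
        details_url="https://intranet.example.com/macos-updates",  # constructed URL
    )
    print(json.dumps(decl, indent=2))
```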
Verifying Policy Application on Devices
When policy declarations are delivered to Macs, they will appear in System Settings.
To verify that the policy has applied:
- On the Mac, go to System Settings > General > Device Management.
- Under Device (Managed), scroll to the bottom of the list and click MDM Enrollment Profile.
- The MDM Enrollment Profile modal displays. Scroll to the bottom of the list. Under Device Declarations, Software Update appears if the policy has applied.
- The specific version sent via the policy appears next to Required Software Update, for example (26.1).
