Event details
31 Comments
Sorry totally off topic, but any updates on DDM for enabling Safari extensions?
- benjamin_flamm
Microsoft
Hey Pat! Not yet - we're still looking into it
Great info. Right now we're using MDM, but no deadline policy to our update because we can't control when they'll be installed. It's notify only right now. We have many device that could use those DDM policies but because we don't enforce update right now, many are stuck with MacOS 13 or MacOS 14 (which is not compatible with all the DDM policy). How would you handle the update process for those MacOS 15 ready device?
- benjamin_flamm
You can enforce updates using DDM on macOS 14 - for any devices before that then I would use a combination of MDM update policies, automatic actions (Software Updates MDM payload in the settings catalog), and compliance to push users to update to a DDM enabled version
Last time I tried on a MacOS 14 a policy that included a MacOS 15 policy, everything was ignored. Is this fixed?
Also something good to be aware of is that certain DDM Software update settings only work for macOS 15 and higher, those are described here under "Software Update Settings" section: https://aka.ms/appledayzero
- benjamin_flamm
Good callout Sven! The Software Update Enforcement and Enforce Latest work for macOS 14, but the new Software Update Settings are for macOS 15 and later. So devices before macOS 15 should continue to use the settings from the Software Update and Restrictions MDM payloads
when will the "Software Update Enforce Latest" settings be available? I do not see them in my tenant.
- benjamin_flamm
2503!
how do we change the default 60 second countdown to reboot after an OS update to 5 minutes or another value? Also, is it possible to configure to allow the user to postpone the reboot to a specific time?
- benjamin_flamm
The countdown isn't configurable by MDM currently - that would be a feature request to Apple.
I do want to highlight that enforcing an update is a very powerful action. My personal recommendation is to configure the automatic download/install update actions so that the update will attempt to install overnight or when the device has been inactive for a little bit, and then enforcing updates when absolutely necessary i.e. addressing a vulnerability, users delaying updates too long and you need to ensure device compliance, etc., outside of work hours of course Microsoft Intune is also dependent on how Apple has designed these DDM software update enforcement notifications. At the moment I don't believe Apple and/or Microsoft has any options to change those setting values (correct me if I am wrong of course)
As you can see a overview of all the enforcement notification moments:
From https://support.apple.com/en-gb/guide/deployment/depd30715cbb/1/web/1.0
Awesome session by Benjamin! Looking forward to the new "latest software update enforced feature", that seems like the missing piece and cherry on top 🥳
- benjamin_flamm
Thanks Sven! Looking forward to your feedback on the new feature
The links provided at the end of the presentation are not "clickable"... how do we get those links?
- Heather_Poulsen
Community Manager
Here you go:
- Microsoft Learn: macOS DDM updates | Settings list
- Apple Support: Apple Platform Deployment
- Apple WWDC: WWDC23 | WWDC24
- Heather_Poulsen
Thanks for joining today’s session on “Managing macOS updates in Intune” at Microsoft Technical Takeoff. Q&A will remain open through Friday so keep your comments and questions coming! Up next: Windows Autopatch: Your playbook for advanced update management
Here are the resources we mentioned in today’s session:
- Microsoft Learn: macOS DDM updates | Settings list
- Apple Support: Apple Platform Deployment
- Apple WWDC: WWDC23 | WWDC24
When you provide links in the presentation, they are not clickable.
- Pearl-Angeles
ucbryanweaver you can find links referenced in the presentation reference here. Hope this helps!
Excelent! thks
- Rachelle_Blanchard
Glad you enjoyed the session, thank you for joining us!
