Contact Us
Help Center Home > Patch Management > Create an iOS Software Update Enforcement Policy

Create an iOS Software Update Enforcement Policy

The Software Updates Enforcement policy uses Apple’s Declarative Device Management (DDM) to ensure your devices run a specific iOS version. Unlike standard automatic update policies that generally install the latest available releases, this standalone policy lets you target and enforce a specific OS version or build number.

Features:

  • Version Control - Target a specific OS version or build number. If a build is not provided or contradicts the OS version, the policy enforces the target OS version.
  • User Notifications - Users receive daily reminders that escalate in frequency as the enforcement deadline approaches. Once the deadline is reached, the update becomes mandatory.

Prerequisites:

  • This policy is supported on devices running iOS 17 and later.
  • Apple Mobile Device Management (MDM) must be configured for your organization and devices must be enrolled in JumpCloud MDM. See Set up Apple MDM
  • iOS devices must be supervised. See Understand Supervised Devices and Policies.

Considerations:

  • Updates are enforced using the SoftwareUpdateEnforcementSpecific DDM configuration. See Apple’s developer documentation for SoftwareUpdateEnforcementSpecific to learn more.
  • This policy doesn't support deploying beta build versions.

Configuring an iOS Software Update Enforcement Policy

To create an iOS Software Update Enforcement Policy:

Important:

If your data is stored outside of the US, check which login URL you should be using depending on your region, see JumpCloud Data Centers to learn more.

  1. Log in to the JumpCloud Admin Portal
  2. Go to Device Management > Policy Management.
  3. In the All tab, click (+).
  4. On the New Policy panel, click the iOS tab.
  5. Select the Software Update Enforcement policy from the list, then click configure.
  6. (Optional) Add details or context regarding this policy to the Policy Notes.
  7. Click General Settings to expand the section. 
  8. Under Target OS Version, enter the specific iOS version you’d like to install and select it from the dropdown. This must be the full version value, for example 26.1.
  9. (Optional) Under Target Build Version, enter the specific build version of the OS to install, for example 21E219. 

Tip:

See Apple’s Software Lookup Service to view a full list of OS and build versions. You can also reference this third party tool SOFA - Simple Organized Feed for Apple Software Updates.

  1. Under Enforcement Deadline, specify the time when the device will force install the update. 
  2. Under Details URL, enter a URL (starting with http:// or https://) to display in Settings > General > Software Update. This link directs users to more information about software updates (for example, your company's intranet page, device use policy, or a link to Apple's documentation).
  3. Go to the Devices tab to bind the policy to a device, or the Device Groups tab to bind it to a group of devices.
  4. Click Save.

Verifying Policy Application on Devices

When enforcement policy declarations are delivered to iOS/iPadOS devices, they will appear in Settings.

To verify that the policy has applied:

  1. On the iOS/iPadOS device, go to Settings General > VPN & Device Management.
  2. Under Mobile Device Management, select MDM Enrollment Profile > Configurations
  3. If the policy has applied, Software Update appears.
  4. The specific version sent via the policy appears next to Required Software Update, for example (26.1). 
Back to Top

List IconIn this Article

Notebook IconLearn More

Create a DDM-Based iOS Patch Policy

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case