1. SimpleMDM Help Center
  2. Documentation
  3. Device Management

macOS Software Updates

SimpleMDM can be used to configure macOS Software Update preferences and push macOS software updates. This article covers the different configurations and commands that can be used.

Modern macOS Software Updates (macOS 14+)

"Managed Software Updates" profile

This profile, which is technically a Declaration using Apple's Declarative Device Management framework, is the recommended method for deploying macOS Software Updates on devices running macOS 14 or greater. This profile provides significant improvements in terms of reliability, user experience, and granular control.

To create this profile, go to Configs > Profiles > "Create Profile" > Managed Software Updates. Once created, assign the profile to your Groups to apply it to devices in those groups.

Screenshot 2025-09-10 at 3.32.00 PM.png

Version: In this field, select what OS version you want to enforce.

  • Latest Minor Version: Always install the latest minor OS version available.
  • Latest Major Version: Always install the latest minor and major OS version available.
  • Minimum Specific Version: Enforce a specific OS version to install. If that version is not available to the device at the time of the update, the next closest available version will be installed.
    • Note: For macOS software updates, make sure to set the "macOS Version" field.
  • Latest Version Minus: Enforce the second latest (N-1), third latest (N-2), etc. OS version available.

Enforce By: In this field, select the date that you want the OS update to be installed on.

  • Specific Date: When selected, the admin can pick a specific date to enforce the update on targeted devices. This option is typically preferred if you just want to enforce a one-off OS update. The profile will need to be updated to enforce subsequent updates.
    • Enforcement Date: This is the date the update will be installed on devices. Targeted devices will download the update files prior to the enforcement date so that the device is ready to install at the enforcement time.
  • Relative Date: This allows admins to select the number of days after Apple releases an OS version to enforce the update. This option is typically preferred if you want to automatically keep devices on latest versions within a certain period of time after Apple releases them.
    • Days After Public Release: When using a relative date, this is the number of days after Apple releases the OS update to be enforced. For example, if macOS 26.0 is released on September 15, 2025 and 15 days is selected, the update will be enforced on September 30, 2025.

Enforcement Time: This is the local time that the update will be enforced on devices. Devices will interpret this and use the local timezone set on the device itself to determine the correct time. For example, if 8:00 is selected, devices will always install it at 8am regardless of what timezone they are in.

Details Page URL: This is an optional URL that end-users can click when they receive the notification prompts. You can use this to display your own internal documentation, for example.

Enable additional days until update for devices that enroll after the original enforcement date: This option allows you to add an additional grace period for devices that enroll after the enforcement date and receive this profile so that they are not immediately forced to update.

 

Other Notes:

  • End-User Experience: As the enforcement date & time get closer, device users will receive notifications with increasing frequency encouraging them to update their device and letting them know that if they choose not to, it will be forcefully installed at the enforcement date.
  • Checking Managed Software Updates configuration on devices: To view the configuration set on the device, go to System Settings > General > Device Management > click the top-level MDM profile (usually your account/org name) > under "Device Declarations", click "Required Software Update". This will display the payload values including required OS version and enforcement date.
  • More reading: See Apple's Deployment Guide documentation for more resources and information on managing Software Updates.

 

"Software Update Settings" profile

This profile allows you to configure the settings on macOS devices that you would typically find under System Settings > General > Software Update. It is specifically for controlling what actions a user can take pertaining to OS updates. This profile functions separately from the Managed Software Updates profile; OS updates enforced via MDM using Managed Software Updates profile will overrule the settings in this profile.

To create this profile, go to Configs > Profiles > "Create Profile" > Software Update Settings. Once created, assign the profile to your Groups to apply it to devices in those groups.

Screenshot 2025-09-10 at 3.57.45 PM.png

General

Allow standard users to perform OS updates: When enabled, non-admin users can manually install OS updates.

Allow system software update notifications: When disabled, this will suppress macOS system-driven update notifications (it does not impact Managed Software Updates profile enforcement).

Recommended Cadence: Which versions will be recommended to users to install. Options: all, latest, newest.

 

Automatic Actions

Download new updates when available: Force enable download of new updates, force disable download of new updates, or allow user to configure this preference.

Install OS updates: Force install OS updates, force disable OS updates, or allow user to configure this preference.

Install security update: Force install security updates, force disable security updates, or allow user to configure this preference.

 

Rapid Security Response

Enable Rapid Security Response (RSR) updates: When enabled, users can install Rapid Security Response updates.

Allow RSR rollback: When enabled, Rapid Security Response updates can be rolled back.

 

Deferrals

This section allows admins to forcefully prevent users from performing OS updates on their devices for a period of time (up to 90 days maximum) after Apple public release date.

Combined OS update deferral period in days: Defer all OS updates.

Major OS update deferral period in days: Defer major OS updates.

Minor OS update deferral period in days: Defer minor OS updates.

System update deferral period in days: Defer system updates.

 

Legacy macOS Software Updates (macOS 13.x and earlier)

"Software Update Policy for macOS" profile

**The commands mentioned below are deprecated in macOS 26 and will no longer work. Use Managed Software Updates profile instead for macOS 14+.**

This profile provides several options for configuring software update settings and controlling software update behavior.

Software Update - System Preferences

This section of the profile allows you to configure the settings that you will find on macOS under System Preferences > Software Updates > Advanced.

Within this section of the profile, you will find the following options:

Check for updates: when enabled, macOS will automatically check for available software updates.

Download new updates when available: when enabled, macOS will automatically download software updates.

Install macOS updates: when enabled, macOS will automatically attempt to install macOS software updates when available (user interaction may be required).

Install app updates from the App Store: when enabled, macOS will automatically attempt to install updates for apps installed from the App Store (user interaction may be required).

Install system data files and security updates: when enabled, macOS will automatically attempt to install security updates when available (user interaction may be required).

Allow pre-release software installation: allow users to install beta software prior to public release.

Require admin for app installation: force users to authenticate with admin credentials in order to install apps.

Updates to Display: control which available update versions are visible to the user to install (select one).

  • All available update versions: allow users to see all available updates.
  • Lowest versioned update only: allow users to see only the oldest available updates.
  • Highest versioned update only: allow users to see only the most recent available updates.

Managed OS Update

This section of the profile allows you to control the behavior that users see when installing macOS software updates remotely. Configure SimpleMDM to automatically update macOS devices when an update is available. *Requires macOS 12 or higher.

Mode (select one):

  • Smart Update: Automatically install updates when macOS deems it to be an opportune time. Updates will typically take place overnight while not in-use and plugged in to power.
  • Notify Only: Alert the user when an update is available, with the option to update. The user will see a prompt notifying them of the update and they can choose to proceed with the update or ignore it.
  • Disabled: Do not provoke updates automatically. Updates will not be installed automatically and the user will not see a notification.

"Install Update" Command

If macOS detects that a software update is available, you can send a command to install the OS software update as soon as possible. *This command requires macOS 12 or higher.

There are two ways to send this command within SimpleMDM:

1. From the Device Details page (single device)

When a compatible device has detected an OS update is available, an "Install Update" button will be shown next to the "OS Version" field. Click "Install Update" to push the update immediately.

2. From the main Devices list (multiple devices)

To push an OS update to multiple devices at once, go to the main Devices page, check the box next to the device names, then click "Actions" and select "Update OS version".

Sid DeVins
Updated

Related articles

Still have a question or want to share what you have learned? Visit our Community Discord to get help and collaborate with others.