Test and defer software updates for Apple devices
You should test and defer software updates and upgrades until you make sure all your apps work properly with the update or upgrade.
Testing software updates and upgrades
You should develop a plan for testing updates and upgrades in your environment. This includes two paths: testing updates (such as iOS 16.7, iPadOS 16.7 and macOS 13.6) or testing upgrades (such as iOS 17, iPadOS 17 and macOS 14). These tests should involve networking, app usage and integration with any identity provider (IdP) systems.
Deferring software updates and upgrades
You can prevent devices from offering over-the-air software updates and upgrades to users until a specified period of time has expired since they were published by Apple. For example, suppose you have an iPhone fleet using iOS 15.5, and you’ve applied a deferred software update payload of 30 days. In this scenario, iPhone users have iOS 15.6 offered to them on 15/06/2022.
When you implement this restriction, there’s a default delay of 30 days before the published update is visible to managed supervised devices. However, you can specify a custom value, anywhere from 1 to 90 days. This delay applies to all operating system updates and upgrades, although MDM has the ability to send specific updates to devices irrespective of the above restriction. Deferring software updates and upgrades is available in iOS 11.3, iPadOS 13.1, macOS 10.13.4 and tvOS 12.2, or later.
Note: Over-the-air software updates are typically available for up to 180 days after their initial availability to ensure that an update and upgrade is always available for devices with the maximum deferral value.
A configuration profile can be created for each of the restriction payload settings listed here.
Minimum supported operating systems | Key and value (if any) | Description | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
iOS 11.3 or later iPadOS 11.3 or later macOS 10.13.4 or later tvOS 12.2 or later |
| Default is false. If set to true:
Note: This doesn’t apply to macOS seed builds. | |||||||||
macOS 11.3 or later |
| Default is false. If set to true, user visibility of software upgrades is delayed for 30 days, unless another delay value is specified with | |||||||||
macOS 11.3 or later |
| Default is false. If set to true, user visibility of app updates are delayed for 30 days, unless another delay value is specified with | |||||||||
iOS 11.3 or later iPadOS 11.3 or later macOS 10.13.4 or later tvOS 12.2 or later |
1-90 | Allows the MDM administrator to set how many days a software update is delayed. Required when using When a value is set, user visibility of a software update occurs only after the specified delay (according to when that software was released in the Apple Software Lookup Service). This value controls the delay for
Note: Before macOS 11.3, this value controlled the delay for both | |||||||||
macOS 11.3 or later |
1-90 | Allows the MDM administrator to set how many days a software upgrade is delayed. The maximum is 90 days and the default value is 30 days. When a value is set, user visibility of a software upgrade occurs only after the specified delay (according to when that software was released in the Apple Software Lookup Service). This value controls the delay for | |||||||||
macOS 11.3 or later |
1-90 | Allows the MDM administrator to set how many days a software update is delayed. The maximum is 90 days and the default value is 30 days. When a value is set, user visibility of a software update occurs only after the specified delay (according to when that software was released in the Apple Software Lookup Service). This value controls the delay for | |||||||||
macOS 11.3 or later |
1-90 | Allows the MDM administrator to set how many days an app update is delayed. The maximum is 90 days and the default value is 30 days. When a value is set, user visibility of an app update occurs only after the specified delay (according to when that software was released). This value controls the delay for |
Allow the user to temporarily defer macOS software updates and upgrades
For greater control, in macOS 12.3 or later, you can enforce a particular software update or upgrade while allowing users to defer them a specific number of times. An MDM solution that supports this feature can specify the number of times using the InstallLater
install action, where this number is defined by the MaxUserDeferrals
key.
The install notification is shown approximately once every 24 hours. A deferral occurs when the user closes the Notification window. The user has the following options for the update or upgrade after they click the notification:
Install Now: Downloads the update or upgrade and installs it immediately.
Try Tonight: Downloads and installs later.
If the user selects this option, based on machine learning from the data over the last 21 days, the Mac finds the best time to download and install the update or upgrade — roughly between 2:00 am and 4:00 am (It may not always be during this time).
If the user still has deferrals remaining and if they don’t see the notification or they ignore it, the update isn’t installed that evening. The final notification for installation bypasses Do Not Disturb. Also, the number of possible deferrals can be updated by an MDM administrator by issuing a new command. When doing so, the deferral counter on the Mac is reset.