Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.iru.com/llms.txt

Use this file to discover all available pages before exploring further.

This guide applies to Apple devices

About Declarative Device Management

Declarative Device Management (DDM) is Apple’s next-generation device management framework that provides a more efficient and reliable way to manage devices. Unlike traditional MDM, which uses a push-based approach, DDM allows devices to pull their configuration from the MDM server, making them more autonomous and self-managing. Iru Endpoint was first to market to support actively managing supervised devices with DDM in 2022, and since that launch, has continued to expand the usage of DDM throughout the product.

How It Works

DDM enhances Managed OS functionality by providing more reliable update delivery and enforcement. When DDM is enabled, devices can:
  • Pull updates autonomously - Devices check for updates independently
  • Handle offline scenarios - Updates can be cached and applied when connectivity is restored
  • Provide better reliability - Reduced dependency on constant server communication
  • Improve user experience - More seamless update processes with fewer interruptions

DDM and Managed OS

Iru Endpoint uses DDM for Managed OS for macOS, iOS 17, iPadOS 17, and tvOS 17 and later.
DDM is used to manage software updates automatically; there is no additional configuration needed in Managed OS Library Items. When DDM is used, Iru Endpoint simply applies a “declaration” to devices with the required OS version and the deadline for enforcement; from that point forward, the respective operating system handles all end user notifications and the actual enforcement process.

Admin Experience

Library Item Configuration

Managed OS Library Items for macOS Sonoma, iOS 17, and iPadOS 17 separate the enforcement time zone option into its own section. This option now applies only to upgrades from older operating systems.
When DDM is in use, update enforcement always uses the device’s local time zone. Iru Endpoint cannot change this behavior as it is set by the operating systems.

MDM Commands

Only a single MDM command for DeclarativeManagement is visible in the device’s activity stream when new OS versions are released or enforcement timelines are changed. Individual AvailableOSUpdates and OSUpdateStatus commands are no longer run throughout the update lifecycle as they don’t provide any information to Iru Endpoint when DDM is in use.

Library Item Status

macOS, iOS, iPadOS, and tvOS send updates proactively to Iru Endpoint about the status of OS updates. The operating systems, not Iru Endpoint, control the contents and granularity of these status updates. Iru Endpoint simply displays the updates as they are received. Iru Endpoint then maps various reported statuses to standard Library Item statuses, such as Downloading, Cached, Installing, Pass, and Error.

User Experience

Please visit the User Experience with Managed OS for macOS and User Experience with Managed OS for iOS, iPadOS and tvOS articles for more information.

Deferrals

Users cannot defer enforced updates beyond their enforcement deadline an hour at a time; this is because the operating systems do not allow it. This means updates could happen during critical business tasks if users continuously ignore notifications and don’t update their devices (though all notifications in the last 24hrs of enforcement ignore Do Not Disturb). Iru Endpoint cannot control this, but does recommend considering this important change when setting enforcement times in Managed OS. Also be sure to consider that all updates are enforced in device local time.

Troubleshooting

Check System Settings on macOS or Settings on iOS or iPadOS for the applied declaration. If it has the correct enforcement settings but users are not being notified properly, or updates are failing to install, please contact Apple support or send feedback to Apple through AppleSeed for IT. If devices are not receiving the correct declarations at all, or you have a general question about Managed OS, including how to configure it, please contact Iru support.

Frequently Asked Questions

Using DDM to manage software updates on Iru-supported Apple devices is the most reliable way to do so. It also brings a number of benefits like enforcement of updates in a device’s local time zone, and notifications that are able to bypass Do Not Disturb in the last 24hrs leading up to enforcement.
macOS: Open System Settings > General > Device Management > Double click on “MDM Profile” > Scroll down to “Device Declarations”.
Once a declaration hits a device, users will be notified immediately that an update is scheduled. Depending on your configuration, this notification could happen weeks or months ahead of the enforcement date.
iOS: Open Settings > General > VPN & Device Management > MDM Profile > Configurations
Yes. Iru Endpoint supports Managed OS for all supported operating systems.
When an update is already cached, and you want to push back the enforcement date, the enforcement date and time will be re-evaluated as soon as possible with the next MDM check-in.
Feedback about the end user experience when updates are managed with DDM, including the contents of notifications, their frequency, deferrals, or any other customizations should be sent to Apple through AppleSeed for IT.
Check System Settings on macOS or Settings on iOS or iPadOS for the applied declaration. If it has the correct enforcement settings but users are not being notified properly, or updates are failing to install, please contact Apple support or send feedback to Apple through AppleSeed for IT. If devices are not receiving the correct declarations at all, or you have a general question about Managed OS, including how to configure it, please contact Iru support.

Configure Managed OS for macOS

Configure managed OS updates for Mac computers

Configure Managed OS for iOS, iPadOS and tvOS

Configure managed OS updates for iOS, iPadOS, and tvOS devices

OS Update Strategies: OS Deferral Restriction and Managed OS

Compare different OS update management strategies