The declaration to configure software updates.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
Software Update Notifications Notifications If set to `true`, the device shows all software update enforcement notifications.
If set to `false`, the device only shows notifications triggered one hour before the enforcement deadline, and the restart countdown notification. | boolean | optional | true | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
Software Update Deferrals Deferrals This object configures the deferral of software updates. Background Security Improvements aren't considered in `Major`, `Minor`, or `System` deferral mechanism. 4 subkeys | dictionary | optional | — | ✗No | |
└─ Combined Major/Minor Update Deferral Period CombinedPeriodInDays Specifies the number of days to defer a major or minor OS software update on the device. When set, software updates only appear after the specified delay, following the release of the software update. Available in iOS 18 and later. Range: 1 - 90 | integer | optional | — | ✗No | |
└─ Major Update Deferral Period MajorPeriodInDays Specifies the number of days to defer a major OS software update on the device. When set, software updates only appear after the specified delay, following the release of the software update. Available in macOS 15 and later. Range: 1 - 90 | integer | optional | — | ✗No | |
└─ Minor Update Deferral Period MinorPeriodInDays Specifies the number of days to defer a minor OS software update on the device. It also defers major updates for iOS. When set, software updates only appear after the specified delay, following the release of the software update. Available in macOS 15 and later. Range: 1 - 90 | integer | optional | — | ✗No | |
└─ System Update Deferral Period SystemPeriodInDays Specifies the number of days to defer system or non-OS updates. When set, updates only appear after the specified delay, following the release of the update. Available in macOS 15 and later. Range: 1 - 90 | integer | optional | — | ✗No | |
Software Update Recommended Cadence RecommendedCadence This string specifies how the device shows software updates to the user. When more than one update is available update, the device behaves as follows:
- `All` - Shows all software update versions.
- `Oldest` - Shows only the oldest (lower numbered) software update version.
- `Newest` - Shows only the newest (highest numbered) software update version. | string | optional | — | ✗No | |
Automatic Software Update Settings AutomaticActions This object configures various automatic Software Update functionality. 3 subkeys | dictionary | optional | — | ✗No | |
└─ Automatic downloads of available updates. Download Specifies whether the user can control automatic downloads of available updates:
- `Allowed` - the user can enable or disable automatic downloads.
- `AlwaysOn` - automatic downloads are always enabled.
- `AlwaysOff` - automatic downloads are always disabled. | string | optional | Allowed | ✗No | |
└─ Automatic installs of OS updates. InstallOSUpdates Specifies whether the user can control automatic installation of available updates:
- `Allowed` - the user can enable or disable automatic installation.
- `AlwaysOn` - automatic installations are always enabled.
- `AlwaysOff` - automatic installations are always disabled. | string | optional | Allowed | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
└─ Automatic installs of available security updates. InstallSecurityUpdate Specifies whether the user can control automatic installation of available security updates:
- `Allowed` - the user can enable or disable automatic installation.
- `AlwaysOn` - automatic installations are always enabled.
- `AlwaysOff` - automatic installations are always disabled. | string | optional | Allowed | ✗No | |
Background Security Improvement Settings RapidSecurityResponse These configurations set user access to interacting with Background Security Improvement. 2 subkeys | dictionary | optional | — | ✗No | |
└─ Enable Background Security Improvement Installation Enable If set to `false`, Background Security Improvements aren't offered for user installation. The system can still install Background Security Improvements with `com.apple.configuration.softwareupdate.enforcement.specific` configurations.
If set to `true`, the system offers Background Security Improvements to the user. | boolean | optional | true | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
└─ Enable Background Security Improvement Rollbacks EnableRollback If set to `false`, the system doesn't offer Background Security Improvement rollbacks to the user.
If set to `true`, the system offers Background Security Improvement rollbacks to the user. | boolean | optional | true | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
Allow Standard User OS Updates AllowStandardUserOSUpdates If set to `true`, a standard user can perform Major and Minor Software Updates.
If set to `false`, only administrators can perform Major and Minor Software Updates. | boolean | optional | true | ✗No | |
Beta Beta This object configures the beta program settings for a device. 3 subkeys | dictionary | optional | — | ✓Yes | macOS (15.4+) |
└─ ProgramEnrollment ProgramEnrollment Specifies whether the user can control beta program enrollment in the software update settings UI:
- `Allowed` - the user can enroll in any applicable beta programs associated with their logged in Apple Account. If the `OfferPrograms` key is present, then the programs listed in that key are also presented to the user.
- `AlwaysOn` - the beta programs specified by the organization are used, and the user isn't able to enroll in a beta program using their logged in Apple Account. The device is automatically enrolled into the beta program specified by the `RequireProgram` key if it's present. Otherwise, the system presents the programs listed in the `OfferPrograms` key to the user to choose which to enroll with.
- `AlwaysOff` - The device isn't allowed to enroll in any beta programs. The system removes the device from any beta programs, if already enrolled. | string | optional | Allowed | ✗No | |
└─ OfferPrograms OfferPrograms An array of beta programs allowed on the device. This key must only be present if the `ProgramEnrollment` key is set to `Allowed` or `AlwaysOn`. This key must not be present if the `RequireProgram` key is present. This key can be present on unsupervised devices where the `ProgramEnrollment` key isn't supported but is implicitly set to `Allowed`. 1 subkey | array | optional | — | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
└─ └─ Program Program The name and token associated with a specific beta program to be allowed. 2 subkeys | dictionary | required | — | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
└─ └─ └─ Description Description A human readable description of the beta program. | string | required | — | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
└─ └─ └─ Token Token The Apple Business Manager or Apple School Manager seeding service token for the organization the MDM server is part of. The system uses this token to enroll the device in the corresponding beta program. | string | required | — | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
└─ RequireProgram RequireProgram The device automatically enrolls in this beta program. This key must only be present if the `ProgramEnrollment` key is set to `AlwaysOn`. The `OfferPrograms` key must not be present if this key is present. 2 subkeys | dictionary | optional | — | ✗No | |
└─ └─ Description Description A human readable description of the beta program. | string | required | — | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
└─ └─ Token Token The Apple Business Manager or Apple School Manager seeding service token for the organization the MDM server is part of. The system uses this token to enroll the device in the corresponding beta program. | string | required | — | ✓Yes | iOS (18.0+)macOS (15.0+)tvOS (18.4+)visionOS (26.0+) |
