macOS: Move Update Settings to DDM

[Julian0o]

Hi there,

due to a Article from the Intune Team, the legacy Update Policy Settings will retire in macOS 26. So there needs to be an Update to the MacOS - OIB - Updates - D - Update Configuration - v1.0 Policy.

These settings are available, and we should discuss what's needed. I make a first attempt, but it's untested for now. I have no idea if the deferrals work together with the "Target OS Version" setting. The Apple Developer Docs doesn't mention this.

I think the first two Settings (Target OS Version Target Date Time) should be a seperate optional policy. This should work parallel to overwrite the normal Update Settings if needed.

More Details: https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-move-to-declarative-device-management-for-apple-software-updates/4432177

[Kerthmash]

+1 for this. I created a manual policy that uses DDM. Just a note for folks who want to test this setting the Software Update Enforce Latest will override the targeted OS version, or at least it did in my testing. Kept wanting to push my client to OS26 when we wanted to get everyone to the latest version of 15.

[nlcth]

It appears the only option for now is changing the target monthly if you do not want to upgrade to macOS 26. Setting enforce latest will ignore major version defer and target policy.

If you do not use enforce latest and use target policy + major version defer. It will hide macOS 26. But the max is 90 days. If you don't want standard users to have control over this. Disallow standard user OS updates.