Enabling Intune to Force Apple Updates Improves Security

• Intune now can use managed software updates to force OS updates to all types of Apple hardware without user intervention.
• The improvement will help prevent zero-day attacks by rolling out updates faster.

Apple’s declarative device management framework, which can use existing mobile device management (MDM) services updated to support it, now offers a new approach for applying OS updates through Intune. This feature allows admins to mandate when the OS update must be applied across all Intune-supported Apple platforms. Managed software updates, first supported with Apple’s 2023 OS releases, could allow organizations to more strategically enforce updates to Apple platforms to stay ahead of zero-day exploits, which are increasing across all device types

Administrator Mandated Updates

Previously, Apple used different approaches to patch Macs and all Apple mobile devices. Differences between the two platforms and limitations of the iPhone and iPad without supervision (typically limited to organizationally owned devices) meant that a user could decide when to apply updates, even if an administrator needed to push updates out more rapidly. Note that while conditional access can mandate that users have a specific OS version on their devices, it cannot trigger the update itself. If conditional access policies mandate an OS version, that same OS version should already have been pushed out to managed devices via MDM.