As part of Apple’s unveiling of Declarative Device Management (DDM) at WWDC 2023, Apple announced that DDM management included the ability to manage software updates. Jamf Pro’s Blueprints leverages this capability to support to support managing software updates, including Background Security Improvements. Let’s see how this works using the following software update configuration as an example:

• Background Security Improvements will be automatically installed
• Background Security Improvements can be removed

For more details, please see below the jump.

As of Jamf Pro 11.25.2, there is not a Blueprints template available for creating blueprints which manage software update settings so the blueprint will need to be configured manually. To do this, use the following procedure:

1. Log into Jamf Pro.

2. Select Blueprints

3. Click the Create blueprint button.

4. You should see an unconfigured Blueprint. Click where it says Untitled blueprint and provide a name.

For this example, I’m using Background Security Improvements Management Settings.

5. Scroll down in the list on the left-hand side of the browser window to locate the Software Update Settings component.

6. Click on the Software Update Settings component and drag the Software Update Settings component to the Components in this blueprint section.

7. Once added to the Components in this blueprint section, click anywhere on the Software Update Settings component to open it for editing.

8. At this point, you will see the software update management settings. From there, scroll down to the Background Security Improvements section and click the Configure button.

In the Background Security Improvements section, select the following options to apply the following desired settings:

• Background Security Improvements updates will be installed:
• Select Allow for Background Security Improvements installation
• Background Security Improvements updates can be removed:
• Select Allow for Background Security Improvements removal

Once all choices have been made and verified, click the Update button.

You should now see the following items set to Enabled:

• Background Security Improvements installation
• Background Security Improvements removal

9. Once all the settings choices have been made and verified, click the Save changes button.

10. At this point, you should have a blueprint which has all settings configured but where no target scope has been set. To scope this blueprint, go to the Scope section and click the arrow button.

11. Select a Jamf Pro smart or static group. For this example, I’m selecting a static group named Background Security Improvements Settings Deployment Group.

12. Once everything has been configured, click the Deploy button to deploy the changes to the Macs you want to manage.

18. Once deployed, the Blueprints screen in Jamf Pro should show the newly-created Background Security Improvements Management Settings Blueprint as being deployed.

You can also check on the managed device’s end by opening System Settings: General: Device Management, locating the MDM enrollment profile in the list of profiles and double-clicking on it.

When you scroll to the bottom of the enrollment profile’s window, you should see a Device Declarations section. If you’re deploying a software update configuration via Blueprints, you should see a Software Update listing for Software Update Settings in the Device Declarations section.

If you click on the Software Update Settings listing, you should see the details of what is being managed. In the case of our example where we are setting Background Security Improvements to be automatically installed and allowing the removal option, you should see the the following entries set to On:

• Enable
• Enable Removal