Information
Apple provides the capability to manage software updates on Apple devices through mobile device management. Part of those capabilities permit organizations to defer software updates and allow for testing. Many organizations have specialized software and configurations that may be negatively impacted by Apple updates. If software updates are deferred, they should not be deferred for more than 30 days. This control only verifies that deferred software updates are not deferred for more than 30 days.
Manage software updates for Apple devices
Rationale:
Apple software updates almost always include security updates. Attackers evaluate updates to create exploit code in order to attack unpatched systems. The longer a system remains unpatched, the greater an exploit possibility exists in which there are publicly reported vulnerabilities.
Impact:
Some organizations may need more than 30 days to evaluate the impact of software updates.
Solution
Profile Method:
Create or edit a configuration profile with the following information:
The PayloadType string is com.apple.applicationaccess
The key to include is enforcedSoftwareUpdateDelay
The key must be set to <integer><1-30></integer>