diff --git a/it-and-security/lib/ios/declaration-profiles/software-update-settings.json b/it-and-security/lib/ios/declaration-profiles/software-update-settings.json
new file mode 100644
index 0000000000..e6fcff6729
--- /dev/null
+++ b/it-and-security/lib/ios/declaration-profiles/software-update-settings.json
@@ -0,0 +1,15 @@
+{
+    "Type": "com.apple.configuration.softwareupdate.settings",
+    "Identifier": "com.fleetdm.config.softwareupdate.settings",
+    "Payload": {
+        "AutomaticActions": {
+            "Download": "AlwaysOn",
+            "InstallOSUpdates": "Allowed",
+            "InstallSecurityUpdate": "AlwaysOn"
+        },
+        "Notifications": true,
+        "RapidSecurityResponse": {
+            "Enabled": true
+        }
+    }
+}
\ No newline at end of file
diff --git a/it-and-security/lib/ipados/declaration-profiles/software-update-settings.json b/it-and-security/lib/ipados/declaration-profiles/software-update-settings.json
new file mode 100644
index 0000000000..e6fcff6729
--- /dev/null
+++ b/it-and-security/lib/ipados/declaration-profiles/software-update-settings.json
@@ -0,0 +1,15 @@
+{
+    "Type": "com.apple.configuration.softwareupdate.settings",
+    "Identifier": "com.fleetdm.config.softwareupdate.settings",
+    "Payload": {
+        "AutomaticActions": {
+            "Download": "AlwaysOn",
+            "InstallOSUpdates": "Allowed",
+            "InstallSecurityUpdate": "AlwaysOn"
+        },
+        "Notifications": true,
+        "RapidSecurityResponse": {
+            "Enabled": true
+        }
+    }
+}
\ No newline at end of file
diff --git a/it-and-security/teams/company-owned-ipads.yml b/it-and-security/teams/company-owned-ipads.yml
index 7aa73fcefd..439b2aa13e 100644
--- a/it-and-security/teams/company-owned-ipads.yml
+++ b/it-and-security/teams/company-owned-ipads.yml
@@ -16,6 +16,7 @@ controls:
     minimum_version: "18.2"
   macos_settings:
     custom_settings:
+      - path: ../lib/ipados/declaration-profiles/software-update-settings.json
   scripts:
 policies:
 queries:
diff --git a/it-and-security/teams/company-owned-iphones.yml b/it-and-security/teams/company-owned-iphones.yml
index 3467b9ef61..7dc44045eb 100644
--- a/it-and-security/teams/company-owned-iphones.yml
+++ b/it-and-security/teams/company-owned-iphones.yml
@@ -20,6 +20,7 @@ controls:
       - path: ../lib/ios/configuration-profiles/lock-screen-message.mobileconfig
       - path: ../lib/ios/configuration-profiles/content-filtering.mobileconfig
       - path: ../lib/ios/declaration-profiles/passcode-settings-ddm.json
+      - path: ../lib/ios/declaration-profiles/software-update-settings.json
   scripts:
 policies:
 queries:
diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml
index 2b15fc3cc7..46d2b218dc 100644
--- a/it-and-security/teams/workstations.yml
+++ b/it-and-security/teams/workstations.yml
@@ -56,6 +56,7 @@ controls:
       - path: ../lib/macos/configuration-profiles/prevent-autologon.mobileconfig
       - path: ../lib/macos/configuration-profiles/secure-terminal-keyboard.mobileconfig
       - path: ../lib/macos/declaration-profiles/passcode-settings.json
+      - path: ../lib/macos/declaration-profiles/software-update-settings.json
   macos_setup:
     bootstrap_package: ""
     enable_end_user_authentication: true