Defer iOS updates with Intune

Sometimes companies like to defer iOS updates for devices in the field until they have tested them.

Intune natively provides an iOS update policy.


But that's not what we need in this case, because with it we are not able to hide the update from the user and prevent manual installation.

Apple has offered a way to defer updates since iOS 11.3. It is documented here:

https://developer.apple.com/enterprise/documentation/Configuration-Profile-Reference.pdf

enforcedSoftwareUpdateDelay / Integer / Supervised only

This restriction allows the admin to set how many days a software update on the device will be delayed. 
With this restriction in place, the user will not see a software update until the specified number of days 
after the software update release date. The max is 90 days and the default value is 30. 
Availability: Available in iOS 11.3 and later and macOS 10.13.4 and later.

 

We are able to set this restriction with a custom profile created with the Apple Configurator tool.


We deleted all other settings from the file and kept only the "Defer software updates" part. In the end it looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
 <key>PayloadContent</key>
 <array>
  <dict>
   <key>PayloadDescription</key>
   <string>Configures restrictions</string>
   <key>PayloadDisplayName</key>
   <string>Restrictions</string>
   <key>PayloadIdentifier</key>
   <string>com.apple.applicationaccess.06D592A7-EBB8-4C39-9BD2-476325C606FE</string>
   <key>PayloadType</key>
   <string>com.apple.applicationaccess</string>
   <key>PayloadUUID</key>
   <string>06D592A7-EBB8-4C39-9BD2-476325C606FE</string>
   <key>PayloadVersion</key>
   <integer>1</integer>
   <key>enforcedSoftwareUpdateDelay</key>
   <integer>10</integer>
  </dict>
 </array>
 <key>PayloadDisplayName</key>
 <string>Untitled</string>
 <key>PayloadIdentifier</key>
 <string>WS-MacBook-Air.9125F365-4E56-4080-AEE7-083B4C48F069</string>
 <key>PayloadRemovalDisallowed</key>
 <false/>
 <key>PayloadType</key>
 <string>Configuration</string>
 <key>PayloadUUID</key>
 <string>E9114952-B602-407D-B2F7-5F251FBE7F9D</string>
 <key>PayloadVersion</key>
 <integer>1</integer>
</dict>
</plist>
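
A pre-upload check for a profile like the one above, added here as an example (not code from the original post, Apple or Microsoft): it parses the profile with Python's plistlib, confirms that the restrictions payload sets enforcedSoftwareUpdateDelay as an integer no larger than the documented maximum of 90, and computes the first day an update becomes visible. The function names, the trimmed sample profile, the release date and the lower bound of 1 day are assumptions of this example.

```python
import plistlib
from datetime import date, timedelta

RESTRICTIONS = "com.apple.applicationaccess"
MIN_DELAY_DAYS = 1   # assumption of this example: a delay below 1 is a mistake
MAX_DELAY_DAYS = 90  # maximum given in the Apple reference quoted above
# Constructed sample: same structure as the profile above, identifiers omitted.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>enforcedSoftwareUpdateDelay</key><integer>10</integer>
    </dict>
  </array>
  <key>PayloadType</key><string>Configuration</string>
</dict>
</plist>
"""


def read_update_delay(profile_bytes):
    """Return the deferral in days from the restrictions payload or raise ValueError."""
    profile = plistlib.loads(profile_bytes)
    if profile.get("PayloadType") != "Configuration":
        raise ValueError("top-level PayloadType is not 'Configuration'")
    for payload in profile.get("PayloadContent", []):
        delay = payload.get("enforcedSoftwareUpdateDelay")
        if payload.get("PayloadType") != RESTRICTIONS or delay is None:
            continue
        # bool is a subclass of int in Python, so <true/> is rejected explicitly
        if isinstance(delay, bool) or not isinstance(delay, int):
            raise ValueError("enforcedSoftwareUpdateDelay must be an <integer>")
        if not MIN_DELAY_DAYS <= delay <= MAX_DELAY_DAYS:
            raise ValueError(f"delay of {delay} days is outside the allowed range")
        return delay
    raise ValueError("no restrictions payload sets enforcedSoftwareUpdateDelay")


def visible_from(release_date, delay_days):
    """First day the user is offered an update released on release_date."""
    return release_date + timedelta(days=delay_days)


if __name__ == "__main__":  # constructed release date, for illustration only
    print(visible_from(date(2018, 3, 29), read_update_delay(SAMPLE_PROFILE)))
```

The restriction is supervised-only, and a profile file cannot show whether the target devices are supervised, so that has to be confirmed separately.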

The deployment of the custom setting is easy with a device configuration profile.


The device shows the resulting setting in the management profile.

