Defer iOS updates with Intune

Sometimes companies like to defer iOS updates for the field till they tested it.

Intune native provides an iOS update policy.


But thats not what we need in this case because we are not able to hide the update from the user and prevent manual installation of it.

Apple integrated a method to defer updates since iOS 11.3. It is documented here:

enforcedSoftwareUpdateDelay / Integer / Supervised only

This restriction allows the admin to set how many days a software update on the device will be delayed. 
With this restriction in place, the user will not see a software update until the specified number of days 
after the software update release date. The max is 90 days and the default value is 30. 
Availability: Available in iOS 11.3 and later and macOS 10.13.4 and later.


We are able to set this restriction with a custom profile created with the Apple Configurator tool.


We deleted all other settings from the file but not the „Defer software updates“ part. It looks like this at the end.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
  <string>Configures restrictions</string>

The deployment of the custom setting is easy with a device configuration profile.


The device shows the resulting setting in the management profile.


One Response to Defer iOS updates with Intune

  1. Pingback: Defer iOS updates with Intune (now built-in) | Wolfgang on the Road

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

Du kommentierst mit Deinem Abmelden /  Ändern )


Du kommentierst mit Deinem Twitter-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Facebook-Konto. Abmelden /  Ändern )

Verbinde mit %s

%d Bloggern gefällt das: