Hi All, Let’s learn about the “Microsoft Intune Admins Issues with Rapid Security Response Version of iOS/iPadOS and macOS” update. Microsoft Intune administrators may have encountered challenges when working with the Rapid Security Response version of iOS/iPadOS and macOS, which could have resulted in operational disruptions or other issues.
iOS/iPadOS and macOS RSR (Rapid Security Response) are designed to provide more frequent security updates to users by incorporating them into subsequent minor updates rather than waiting for a major upgrade.
The impact of these issues was limited to Apple devices capable of receiving the Rapid Security Response updates, such as devices running iOS version 16.4.1 (a) and macOS version 13.3.1 (a). Other devices and operating systems were not affected.
MDM administrators could have leveraged Microsoft Intune compliance policies to enforce the latest version and ensure that devices were updated with the necessary security patches. This would have helped mitigate any potential security risks associated with using devices running older versions of iOS or macOS.
- Enroll iOS/iPadOS Devices in Intune Step-by-Step Guide
- Easy Method to Force Safari Patch Updates on MacOS Using Intune
Microsoft Intune with Rapid Security Response Version of iOS iPadOS and macOS
Rapid Security Responses are a new category of software updates for iPhone, iPad, and Mac devices, intended to provide significant security enhancements between major software updates. They may include critical improvements to system libraries, the Safari web browser, the WebKit framework stack, and other vital components for device security.
- To ensure that devices are kept up-to-date with the latest security patches, Rapid Security Responses are only available for the most recent versions of iOS, iPadOS, and macOS, starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1.
By default, devices are configured to accept Rapid Security Responses and apply them automatically, if necessary. Sometimes, a device may prompt the user to restart to complete the installation of these updates. Please refer to the appropriate documentation to review your device settings and ensure this feature is enabled.
If you use an iPhone or iPad, you can check your device’s settings to ensure that Rapid Security Responses are applied automatically. To do this, follow these steps:
- Go to Settings on your device.
- Tap on General.
- Tap on Software Update.
- Click Automatic Updates and Make sure that “Security Responses & System Files” is turned on.
If you are using a Mac, follow these steps to check your device’s settings: By ensuring that all these options are enabled, you can ensure that your device receives Rapid Security Responses as they become available.
- Click on the Apple menu in the top-left corner of the screen.
- Choose System settings
- Click on General in the sidebar.
- Click on Software Update on the right.
- Click the Show Details button next to Automatic Updates.
- Ensure that “Install Security Responses and system files” is turned on.
Rapid Security Response Version of iOS/iPadOS and macOS
The Rapid Security Response feature utilizes a versioning system based on the corresponding base operating system version. Each update is assigned a version starting with the letter “a,” followed by subsequent letters (such as “b,” “c,” etc.) as newer versions are released.
The impact was specific to Apple devices compatible with the Rapid Security Response updates, including iOS version 16.4.1 (a) and macOS version 13.3.1 (a). Examples of identified impacts include the following.
- Administrators using Microsoft Intune may have faced challenges when attempting to create new compliance policies to verify the presence of the latest iOS update that includes the “(a)” suffix in its version string. However, it’s worth noting that existing policy checks were not impacted and would continue to function as expected.
Microsoft Intune administrators may have faced difficulties creating policies to prevent conditional launches of mobile applications based on OS version, specifically when using the character “(a)” in the version string. This could have prevented them from checking for the latest version and verifying whether an application can be launched using Mobile Application Management (MAM), potentially leading to compliance and security issues for the affected devices.
- Reports with build-specific values will continue to report OS without the “(a).” This issue will be addressed as a separate issue moving forward. Architectural work is underway to enable this capability.
Microsoft Intune Compliance Policies to Set the Required Version to the Latest to Enforce the Security Update
Mobile Device Management (MDM) administrators can utilize Microsoft Intune compliance policies to mandate that devices be updated to the most recent version, thus ensuring optimal security measures.
- Admins managing Apple devices through Intune can establish the latest Rapid Security Response build as the minimum or maximum OS build by including the corresponding supplemental build version in the relevant policy section for iOS/iPadOS or macOS compliance policies.
- This ensures that devices remain up-to-date with the latest security features and protections.
- An example value for iOS: is 20E772520a, and an Example value for macOS: is 22E772610a.
Final Status of Rapid Security Response Version of iOS/iPadOS and macOS
After Microsoft conducted further investigation, it was determined that the enrollment restrictions did not impact the functionality of Rapid Security Response and, thus, were not affected by the event in question. To address any related issues, a fix was implemented in SDK version 17.4.2, which restored the ability for admins to create new compliance policy checks for the latest iOS updates while also allowing for blocking and validating conditional launches based on OS version.
- This resolved the MAM impact for Microsoft apps in the Apple App Store, such as the Outlook app version 4.2316.1.
- While these fixes addressed most of the impact outlined in the communication, it was found that reports with build-specific values will continue to report the OS without the “(a)” designation.
- This issue will be treated as a separate matter moving forward.
|Scope of impact
|This issue may have impacted any admin attempting to perform the actions outlined in the More Info section of this update.
|May 1, 2023, 5:30 AM GMT+5:30
|May 12, 2023, 5:15 PM GMT+5:30
|Apple has recently updated its version specification protocols, resulting in iOS/iPadOS and macOS.
These changes are necessary to ensure that Microsoft’s systems remain compatible and fully functional within the context of the new Apple versioning system.
|Microsoft has assessed our version specification protocols to ensure compatibility with iOS/iPadOS and macOS devices and prevent potential future impacts.
This evaluation let Microsoft modify its supported processes and ensure they interact seamlessly with Apple’s updated versioning system.
By taking these measures, Microsoft can help mitigate any potential issues. Service is restored as per MS.
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.