Do you have supervised iOS devices managed through Intune? If so, you may be aware that iOS software update will force install updates on supervised mode iOS devices. Intune has a new policy to prevent/delay this force updates. This will also give more granular option to control the iOS software updates. In this post, we will see How to Prevent iOS Automatic Updates Using Intune Policies. Video experience of creating Intune policies are here.
If you are looking for Windows 10 update ring policies with Intune then, I have a blog post “How to Setup Windows 10 Software Update Policy Rings in Intune Azure Portal“.
How to Create iOS Software Update Policies in Intune?
This Intune policy will help to delay iOS automatic updates to devices. The iOS devices should part of Apple DEP program. iOS devices should be managed through supervised mode.
Navigate via the Azure portal – Microsoft Intune– Software updates – iOS Update Policies – Create update policy. You can create a new policy with a suitable name and description of the policy. This policy will prevent iOS Automatic Updates forcefully getting installed on supervised iOS devices.
Settings – Configure is the place where you select the behaviour of this Intune policy. Select times to prevent update installations: Select Days, time zone, Start time and End time to stop iOS software updates from installing on supervised devices.
Select Days to Stop Updates from installing – May be after 5 days after the release of new iOS version. Using this days option, you can delay the software update (automatic update) of iOS on the device.
Select the time zone of the targeted devices – In this section, you need to select the Time Zone of the devices which you want to target this policy. For India Time Zone, I selected UTC+5:30.
Start Time – Select the beginning of the interval to stop iOS software updates from Installing on supervised iOS devices. Normally you don’t want to install software update during business hours on iOS devices. This will help you to schedule iOS phone updates via Intune policies.
End Time – Select the end of the interval to stop iOS software updates from installing on supervised iOS devices.
More details available in the video tutorial here.
How to Deploy or Assign Intune iOS Software Update prevention policy?
Once the Intune iOS Automatic Updates prevention Intune Policy is created, you can start assigning this policy to Azure AD Device groups. Deploy Updates Prevention Policy to iOS Devices. Select Assignments – Click on Select Groups to find the appropriate Azure AD group for targeting the iOS update prevention policy. Once the policy is deployed to devices then, it will postpone iOS software update.
You need to be careful about the policy settings while targeting the AAD device groups. In the policy configuration, there is an option to configure the time zone of the devices. Time zone configuration in this policy is a bit tricky. It seems we need to segregate Devices as per the time zone. I have not tested it, and this is my assumption towards this policy settings.
Reporting options are coming soon for iOS update policies in Intune.