This site will be decommissioned on January 30th 2025. After that date content will be available at techdocs.broadcom.com.

OS Update Management

With the OS update management system, admins can block and require iOS updates on their supervised iOS devices to keep all devices on a common iOS version for a consistent management experience. Maintaining the OS ensures that the device security issues are addressed with minor iOS updates and the devices are always up to date.

OS update management offers an ideal solution for admins to:

  • Block end-user devices from detecting new iOS updates released by Apple. For more information on configuring the restriction profile to block end-users, refer Restriction Profile Configurations in Device Profiles.
  • Get information on current available patches/updates available for devices.
  • Publish iOS updates to end-user devices.

iOS Update Management Features

The major features available are:

  • Block Update – Configure the device not to detect an update for up to 90 days from the release date of the update by Apple. For more information on configuring the restriction profile to block the updates, refer Restriction Profile Configurations
  • List available updates – Lists all the available updates from Apple and lists out the devices that are eligible for the respective updates.
  • OS Update Action – Define the OS update action; download only, install only, or download and install immediately.
  • Monitor – Display the status of an OS update on assigned devices.

iOS Update Management Prerequisites

Ensure to have the minimum requirements explained in this section before initiating the OS update management on managed devices from the UEM console.

Supported Devices

  • Supervised iOS 11.3 and later
  • Device must have at least 50 percent battery
  • Device must have enough storage space available to download the update
  • Device must have a network connection Apple's update servers

Network Requirements

For information on network architecture and its requirements, refer to the Recommended Architecture guide.

View the Available iOS Updates

View the snapshot of the list of latest or active iOS updates available from Apple for all your managed and eligible devices.

Navigate to the Resources > Device Updates > iOS page to view the available OS updates and other related details, including:

  • Update – Name of the update.
  • Version – Version of the update.
  • Release Date – Date when the update is released.
  • Expiration Date – Date when the update expires.
  • Update Status – Status of the iOS update if available or not available from Apple.
  • Assignments – Number of assignments applied to an update.
  • Assignment Status – Status of the assignments applied to the update such as Assigned, Not Assigned, or Paused.

The list of iOS update details is pulled from the Apple using the Sync Device Updates scheduler job at the specified interval which runs at an interval of 6-24 hours (that pulls data from Apple).

Note: The Update Status shows the OS versions that are not available in https://gdmf.apple.com/v2/pmv. Whenever there is any change in the Expiry Date, the sync job inserts new records or updates the records accordingly. The update becomes unavailable only if the Expiry Date is over. To overcome this issue, the job must be fixed to update the Expiry Date of missing updates to one day less than the job runs so that the updates can be displayed as not available in UEM.

Select an OS Update from the Device Updates > iOS page to view additional information. The Details section shows the details of the OS update (such as version details, supported devices and so on). The graphs beneath the Details section, shows:

  • Device Readiness – Provides information related to the update and the devices enrolled at the organization group and below. This includes devices that are eligible to receive the update, devices that are not eligible to receive the update (e.g. unsupervised, incompatible hardware, etc.), devices that are on higher version, or devices already on the selected version.
  • Device Status – Provides information on the status of the iOS update on the assigned, eligible devices. This includes the devices that downloaded the update, installed the update, or failed with a specified error code.
  • Devices – The table shows the status of the iOS updates on eligible and non-eligible devices that are triggered from an assignment.

Updates to the devices are assigned using Smart Groups with preferred deployment parameters by selecting Manage Assignments. For more information on assignment, refer Assign OS Updates.

Assign and Publish iOS Updates

To deploy an OS Update, assign one or more smart groups to an iOS update and publish to the device.

To assign smart groups and deploy the iOS updates:

  1. Navigate to the Resources > Device Updates > iOS page.

  2. Select an iOS Update by selecting the corresponding radio button. The Manage Assignments option appears on top of the page.

  3. Select Manage Assignments for the assignment page to display.

  4. Select New Assignment under the Assignment section. The Add Assignment page appears.

  5. In the Definition tab, enter the assignment name and select one or more smart groups. Select Next.

  6. In the Deployment tab, enter the date and time for the deployment to begin and select one deployment method. The available deployment methods are:

    Method Description
    Download and Install The iOS update gets downloaded and installed on the device.
    Download Only The iOS update only gets downloaded but not installed on the device.
    Install Only The iOS updates gets installed on the device only if it is already downloaded through MDM or manually.
  7. In the Notification tab, activate or deactivate the notification for the successful download or install status and enter the notification text in the Push Notification field.

  8. Select Save to publish the iOS update.

When the assignment gets saved for the selected iOS update in the UEM console, any eligble, assigned devices will receive the update command on their next check in. Keep in mind a device may not immediately check in depending on your console's settings. After saving, the status of the iOS update will change to Assigned and the status for assigned devices can be monitored in the Update Details page.

Note: These settings can be changed at any time after the update has been published.

If devices have multiple iOS update assignments, the deployment settings and iOS version will be evaluated in the following priority:

  1. Newest iOS version (e.g. iOS 13.3 be prioritized over iOS 13.1).
  2. Closest assignment at or above the Organization Group where the device is enrolled (e.g. if a device is enrolled at a child Organization Group, the device will take the assignment at the child Organization Group rather than any at a parent level. This assumes the assignments are for the same iOS version).
  3. Highest priority within the assignment selected based on the first two criteria with an ascending priority (e.g. priority of 1 is higher than a priority of 2).

Pause and Unpause iOS Updates

As an admin, you can even pause any updates that have been assigned. This holds any updates that have not been sent to iOS devices until the update is unpaused.

To pause an iOS update:

  1. Navigate to the Resources > Device Updates >iOS page.

  2. Select an assigned iOS update.

  3. Select the PAUSE option at the top of the page.

    Note: Pausing does not stop the updates that have already been processed on the device such as already downloading the update. Pause only stops the assigned future downloads of the update.

Monitor iOS Update Assignments

After assigning and publishing iOS updates to devices, the next step is to monitor their deployment.

To see the status of a deployment, select an iOS update from the Resources > Device Updates > iOS page to view additional information. The Details section shows the details of the iOS update (such as version details, supported devices and so on). The graphs beneath the Details section are for monitoring and taking action on the assigned devices. Those graphs show:

  • Device Readiness – Provides information related to the update and the devices enrolled at the organization group and below. This includes devices that are eligible to receive the update, devices that are not eligible to receive the update (e.g. unsupervised, incompatible hardware, etc.), devices that are on higher version, or devices already on the selected version.
  • Device Status – Provides information on the status of the iOS Update on the assigned, eligible devices. This includes the devices that downloaded the update, installed the update, or failed with a specified error code.
  • Devices – The table shows the status of the iOS update on eligible and non-eligible devices that are triggered from an assignment. The values of this table are:
Values Description
Last Seen The last time the device communicated back to Workspace ONE UEM.
Device Name The friendly name of the device.
User The enrollment user’s first and last name assigned to the device.
Status The most recent status received for this iOS version’s update.
Reason Additional context for the status of an update if it was a failure.
Next Retry An estimate of when the system retries to send the update to the device when a failure occurs. It can be more frequent than the time listed.

The table is also used to take action on devices for the selected update. The actions include:

  • Query – Request latest information for the device related to the iOS update.
  • Override – Trigger a Download and/or Install command for the device. It ignores any assignments made for the device previously.

Manage iOS Updates for Individual Devices

Managing iOS Updates can be achieved at an individual device level for a more direct approach to ensure that the latest updates and their functionalities are applied across a managed device. These updates can be deployed and monitored for an individual device by navigating to Devices > List View > Select Device > Updates.

Publish iOS Updates for a Device

To publish a specific update to a selected device:

  1. Select Updates tab to view the snapshot of the available OS Updates details.

  2. Select an OS Update name and then select Publish. The Update page appears.

  3. Select the preferred Device Installation Method.

    Note: Download/Install option for Update Assignments performs either download or install actions based on the status of the OS update on the device.

    If the OS update has already been downloaded, then the command installs the OS update. However, if the OS update is not downloaded yet, then the command triggers a download instead. Send the command again after the download is completed to trigger the install.

  4. Select Send to publish the OS Update to the device.

  5. Select Query Update Progress to request the latest status on the update.

Note: This does not impact any iOS updates assigned to the device. Any assignments will continue to be published to devices until they are on or above the assigned iOS version.

Track the Status for iOS Updates

The status for iOS updates are not shown until you schedule an update from the UEM console whether manually publishing or by assigning an update to the device. If an update is downloaded manually on an iOS device, the status of that update will not appear in the Updates list view. Once an admin schedules the update, the status on the console is updated. If an update installed manually, this is reflected in the Device Details Summary.

Troubleshooting

All commands and responses can be seen in event data by navigating to Device Details → More → Troubleshooting tab.

Delay iOS Updates

Admins can delay iOS updates for up to 90 days from when the update is released by Apple using a configuration profile.

To delay an iOS update:

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add.

  2. Select Apple > iOS and configure Restrictions settings.

  3. Select Delay Updates (Days) from the OS Updates Restrictions subsection.

  4. Restrict Delay Updates and specify the number of days to delay the software update. Number of days range from 1 to 90. The number of days dictate the length of time after the release of the software update and not after the time of installation of the profile

    Note: Any managed OS update command will bypass the delay OS updates restriction even if the OS version is within the restriction window of 90 or fewer days. However, if an update is downloaded while a restriction window is active, the update may still not be visible to the user. Once the restriction window expires, the update becomes visible to users.

Set the Device Name for a Supervised iOS Device

Automatically or manually set an iOS 8+ supervised device name to match the Friendly Name in the UEM console. This feature is helpful when performing asset tracking from the device itself. The device name appears when the device is connected to iTunes and it can be edited in iTunes too.

  1. Navigate to Groups & Settings > All Settings > General > Devices & Users > Friendly Name.

  2. Select the Enable Custom Smartphone Friendly Name to set the device name as the friendly name.

  3. Enter the Smartphone Friendly Name Format by entering the enrollment user, the device model, and device operating system information.

  4. Select the Set Device Name to Friendly Name setting to set this name as the Device Name to match the Friendly Name.

  5. Select Save to update the name.

check-circle-line exclamation-circle-line close-line
Scroll to top icon