With the OS update management system, admins can block and require iOS updates on their supervised iOS devices to keep all devices on a common iOS version for a consistent management experience. Maintaining the OS ensures that the device security issues are addressed with minor iOS updates and the devices are always up to date.
OS update management offers an ideal solution for admins to:
The major features available are:
Ensure to have the minimum requirements explained in this section before initiating the OS update management on managed devices from the UEM console.
For information on network architecture and its requirements, refer to the Recommended Architecture guide.
View the snapshot of the list of latest or active iOS updates available from Apple for all your managed and eligible devices.
Navigate to the Resources > Device Updates > iOS page to view the available OS updates and other related details, including:
The list of iOS update details is pulled from the Apple using the Sync Device Updates scheduler job at the specified interval which runs at an interval of 6-24 hours (that pulls data from Apple).
Note: The Update Status shows the OS versions that are not available in https://gdmf.apple.com/v2/pmv. Whenever there is any change in the Expiry Date, the sync job inserts new records or updates the records accordingly. The update becomes unavailable only if the Expiry Date is over. To overcome this issue, the job must be fixed to update the Expiry Date of missing updates to one day less than the job runs so that the updates can be displayed as not available in UEM.
Select an OS Update from the Device Updates > iOS page to view additional information. The Details section shows the details of the OS update (such as version details, supported devices and so on). The graphs beneath the Details section, shows:
Updates to the devices are assigned using Smart Groups with preferred deployment parameters by selecting Manage Assignments. For more information on assignment, refer Assign OS Updates.
To deploy an OS Update, assign one or more smart groups to an iOS update and publish to the device.
To assign smart groups and deploy the iOS updates:
Navigate to the Resources > Device Updates > iOS page.
Select an iOS Update by selecting the corresponding radio button. The Manage Assignments option appears on top of the page.
Select Manage Assignments for the assignment page to display.
Select New Assignment under the Assignment section. The Add Assignment page appears.
In the Definition tab, enter the assignment name and select one or more smart groups. Select Next.
In the Deployment tab, enter the date and time for the deployment to begin and select one deployment method. The available deployment methods are:
Method | Description |
---|---|
Download and Install | The iOS update gets downloaded and installed on the device. |
Download Only | The iOS update only gets downloaded but not installed on the device. |
Install Only | The iOS updates gets installed on the device only if it is already downloaded through MDM or manually. |
In the Notification tab, activate or deactivate the notification for the successful download or install status and enter the notification text in the Push Notification field.
Select Save to publish the iOS update.
When the assignment gets saved for the selected iOS update in the UEM console, any eligble, assigned devices will receive the update command on their next check in. Keep in mind a device may not immediately check in depending on your console's settings. After saving, the status of the iOS update will change to Assigned and the status for assigned devices can be monitored in the Update Details page.
Note: These settings can be changed at any time after the update has been published.
If devices have multiple iOS update assignments, the deployment settings and iOS version will be evaluated in the following priority:
As an admin, you can even pause any updates that have been assigned. This holds any updates that have not been sent to iOS devices until the update is unpaused.
To pause an iOS update:
Navigate to the Resources > Device Updates >iOS page.
Select an assigned iOS update.
Select the PAUSE option at the top of the page.
Note: Pausing does not stop the updates that have already been processed on the device such as already downloading the update. Pause only stops the assigned future downloads of the update.
After assigning and publishing iOS updates to devices, the next step is to monitor their deployment.
To see the status of a deployment, select an iOS update from the Resources > Device Updates > iOS page to view additional information. The Details section shows the details of the iOS update (such as version details, supported devices and so on). The graphs beneath the Details section are for monitoring and taking action on the assigned devices. Those graphs show:
Values | Description |
---|---|
Last Seen | The last time the device communicated back to Workspace ONE UEM. |
Device Name | The friendly name of the device. |
User | The enrollment user’s first and last name assigned to the device. |
Status | The most recent status received for this iOS version’s update. |
Reason | Additional context for the status of an update if it was a failure. |
Next Retry | An estimate of when the system retries to send the update to the device when a failure occurs. It can be more frequent than the time listed. |
The table is also used to take action on devices for the selected update. The actions include:
Managing iOS Updates can be achieved at an individual device level for a more direct approach to ensure that the latest updates and their functionalities are applied across a managed device. These updates can be deployed and monitored for an individual device by navigating to Devices > List View > Select Device > Updates.
Publish iOS Updates for a Device
To publish a specific update to a selected device:
Select Updates tab to view the snapshot of the available OS Updates details.
Select an OS Update name and then select Publish. The Update page appears.
Select the preferred Device Installation Method.
Note: Download/Install option for Update Assignments performs either download or install actions based on the status of the OS update on the device.
If the OS update has already been downloaded, then the command installs the OS update. However, if the OS update is not downloaded yet, then the command triggers a download instead. Send the command again after the download is completed to trigger the install.
Select Send to publish the OS Update to the device.
Select Query Update Progress to request the latest status on the update.
Note: This does not impact any iOS updates assigned to the device. Any assignments will continue to be published to devices until they are on or above the assigned iOS version.
Track the Status for iOS Updates
The status for iOS updates are not shown until you schedule an update from the UEM console whether manually publishing or by assigning an update to the device. If an update is downloaded manually on an iOS device, the status of that update will not appear in the Updates list view. Once an admin schedules the update, the status on the console is updated. If an update installed manually, this is reflected in the Device Details Summary.
Troubleshooting
All commands and responses can be seen in event data by navigating to Device Details → More → Troubleshooting tab.
Admins can delay iOS updates for up to 90 days from when the update is released by Apple using a configuration profile.
To delay an iOS update:
Navigate to Resources > Profiles & Baselines > Profiles > Add.
Select Apple > iOS and configure Restrictions settings.
Select Delay Updates (Days) from the OS Updates Restrictions subsection.
Restrict Delay Updates and specify the number of days to delay the software update. Number of days range from 1 to 90. The number of days dictate the length of time after the release of the software update and not after the time of installation of the profile
Note: Any managed OS update command will bypass the delay OS updates restriction even if the OS version is within the restriction window of 90 or fewer days. However, if an update is downloaded while a restriction window is active, the update may still not be visible to the user. Once the restriction window expires, the update becomes visible to users.
Automatically or manually set an iOS 8+ supervised device name to match the Friendly Name in the UEM console. This feature is helpful when performing asset tracking from the device itself. The device name appears when the device is connected to iTunes and it can be edited in iTunes too.
Navigate to Groups & Settings > All Settings > General > Devices & Users > Friendly Name.
Select the Enable Custom Smartphone Friendly Name to set the device name as the friendly name.
Enter the Smartphone Friendly Name Format by entering the enrollment user, the device model, and device operating system information.
Select the Set Device Name to Friendly Name setting to set this name as the Device Name to match the Friendly Name.
Select Save to update the name.