Why Are My Apple Devices Are Allowed to Update iOS?

Why Are My Apple Devices Are Allowed to Update iOS?

Is anyone else having this issue? All of our enterprise devices have a profile that delays OS updates for 90 days. All of these devices are iOS 12+, but they randomly allow the user to update to the latest version of iOS. I'm looking at three identical devices right now and two of them will not allow an update (they have the "Your iPhone is running the latest software..." message) but one of them is asking to download and install 12.1.3. 

  • 4 weeks ago
  • SOTI MobiControl
  • 4 Answers
  • 0 Upvote
  • 1 Follower
  • 82 Views
    • 4 Answers
    • 0 Upvote
    • 1 Follower

4 Answers

Order By:   Standard | Newest | Votes
Matt Dermody | posted this 4 weeks ago

Because they're Apple devices ;). Great for personal devices, not ideal for enterprise devices. Have you tried also blocking the update server url(s) in addition to the update delay policy?

  • 0
  • 0
Raymond, Chan | posted this 4 weeks ago

What are the version and build numbers of your server?

 

From the device information tab of each of the 3 devices, have you checked if they all are DEP devices in supervision mode?

 

From the device configuration/profile tab of each of the 3 devices, have you checked that the status of the profile with the delaying OS updates restriction is "installed"?

 

For the problematic device, are there more than one profiles with CONFLICTING restrictions payload deployed? 

  • 0
  • 0
Mike Shouppe | posted this 4 weeks ago

We are on version 14.2.0.2894.

 

Yes, they are all DEP-supervised devices.

 

The configuration tab shows that the profile is installed (there aren't any other profiles that could be conflicting). What is strange is that if I administratively remove the profile and then re-install the profile, it will block the update properly. It seems like we have several devices that show the profile is installed when it isn't actually working properly.

  • 0
  • 0
Raymond, Chan | posted this 4 weeks ago

If I remember correctly based on my previous tests, this "delay Firmware Update" restriction is guaranteed to be effective only after a soft reset.  Probably buggy iOS firmware implementation (by arrogant but incompetent Apple programmers) that cache this restriction setting, and does not update immediately after each modified profile received, and there is nothing Soti agent software can do.  Just remember to force a soft reset after deploying such restriction.

 

  • 0
  • 0
Give us your feedback
Give us your feedback
Feedback