Software Updates

Applicable to:

iOS 10.3+ and tvOS 12.0+ supervised devices

macOS devices

Windows 10+ devices

Create and distribute rules for OS updates.

This section contains the following topics:

Configuring software updates for iOS/tvOS devices

Procedure

To allow iOS/tvOS devices to have OS updates sent to them if they are in supervised mode:

  1. Go to Configurations.
  2. Click + Add.
  3. Click Software Updates.
  4. Click iOS/tvOS to view the Configuration Setup section.
  5. Select the Allow OS updates to be automatically installed on supervised devices option.
  6. Select one of the following options:
    • Update to latest version
    • Update to specific version - For example, enter iOS version number as 11.3.0.
  7. Select one of the following install actions:
    • Default
    • Download Only
    • Install ASAP
  8. Select the following time options for the updates to happen:
    • Start Time
    • End Time
    • Timezone
  9. Click Next.
  10. Select the Enable this configuration option.
  11. Select one of the following distribution options:
    • All Devices
    • No Devices (default)
    • Custom
  12. Click Done.
  • When installing a specific version of OS update for iOS devices, you must select a version that is available for the device. If you select an invalid or an unavailable version, software update of the device will be ignored.
  • If the device has a passcode, after MDM sends the update to the device, the device queues the update and the user is prompted to enter their passcode in order to start the installation.
  • Enable enforcedSoftwareUpdateDelay in iOS Restrictions to make sure the manual scan on devices for software updates will not delete the specific versions downloaded by this configuration.

Configuring software updates for Non-DEP and DEP macOS devices

Device Enrollment profile is part of Apple Business Manager that enables customers to purchase devices in bulk and automatically enroll the devices in MDM during activation. For more information, see Device Enrollment.

The following procedure helps you send OS updates to Non-DEP and DEP macOS devices.

Procedure

  1. Go to Configurations.
  2. Click + Add.
  3. Click Software Updates.
  4. Click macOS to view the Configuration Setup section.
  5. Select the Enable macOS Software Updates option.
  6. Select the type of updates for the device. For each of these updates, you can also select updates that do not require restart.
    • OS Updates
    • Critical Updates
    • Configuration Data Updates
    • Firmware Update
    • Non Critical Updates

      Admin can manage(install/schedule) non critical macOS updates by enabling Enable Non Critical Updates. This option is disabled by default for the existing tenants and needs to be enabled by admin explicitly post upgrade if required.

      In OS updates, Administrators can update the device to a specific version of macOS.

      All macOS updates can be configured with actions as follows:

      • Default
      • Notify Only
      • Install Later
      • Install Force Restart
      • Download Only
      • Install ASAP

    • Priority

      Default - Low

      Possible values - Low, High
    • Max User Deferrals
      Possible value - Integer
      Only supported when Install Later option is selected.
  7. Select the following time options for the updates to happen:
    • Start Time
    • End Time
    • Timezone
  8. Click Next.
  9. Select the Enable this configuration option.
  10. Select one of the following distribution options:
    • All Devices
    • No Devices (default)

    • Custom

  11. Click Done.

Configuring software updates for Windows devices

Procedure

To configure your Windows installation update schedule:

  1. Go to Configurations.
  2. Click + Add.
  3. Click Software Updates.
  4. Click Windows to view the Configuration Setup section.
  5. Enter the following options depending on the version of your Windows devices.
  6. Click Next.
  7. Select the Enable this configuration option.

  8. Select one of the following distribution options:

    • All Devices
    • No Devices (default)
    • Custom
  9. Click Done.

Software updates for Windows 10+ devices

  • Update Sources - Select one of the following sources:

    • Enterprise WSUS

    • Microsoft Update and/or Enterprise WSUS

  • URL to Enterprise WSUS Server

  • Alternate intranet Microsoft update server
  • Allow Updates from 'Trusted Publishers' - Limit sources for updates to trusted publishers only.

  • Auto Update Strategy - Select one of the options from the pull-down menu.

  • Scheduled Installation Day - Set the frequency of updates.

  • Scheduled Installation Time - Select an installation time for updates.

  • Allow updates to be downloaded automatically over metered connections - Enable or disable the option.
  • Do not allow update deferral policies to cause scans against Windows Update - Enable or disable the option.

  • Engaged restart deadline - Select the number of days to restart deadline.

  • Snooze engaged restart deadline - Select the number of days to snooze the engaged restart deadline.

  • Engaged restart transition schedule - Select the number of days to restart transition schedule.

  • Update/Fill empty content URLs.

  • MO App download limit - Select one of the following options:
    • Do not ignore MO download limit for apps and their updates

    • Ignore MO download limit (allow unlimited downloading) for apps and their updates

  • MO update download limit - Select one of the following options:
    • Do not ignore MO download limit for OS updates
    • Ignore MO download limit (allow unlimited downloading) for OS updates
  • Manage preview builds - Select one of the following options:

    • Disable Preview builds
    • Disable Preview builds once the next release is public

    • Enable Preview builds

  • Auto-restart warning notification schedule for updates - Select the minutes to be taken to auto-restart warning notification.

  • Restart warning reminder - Select the hours to set the restart warning reminder.

  • Automatic update schedule - Select the frequency of automatic updates.

  • Auto-restart notification for updates - Turn on the auto-restart notification for updates.

Software updates for pre-Windows 10.0.14393 devices

The following settings will not work if Telemetry Restriction is disabled on a device:

  • Pause Upgrade/Updates - Turn on to delay changes to a later date
  • Defer Updates for - Choose to delay up to 4 weeks
  • Defer Upgrades - Turn on to defer upgrades
  • Defer Upgrades for - Choose to delay up to 8 months

Software updates for Windows 10.0.14393+ devices

  • Branch to install updates from - Allows the IT admin to set which branch a device receives their updates from.

    • Current Branch

    • Current Branch for Business

  • Feature Updates (upgrades) - Supported only in Windows 10 Professional, Windows 10 Enterprise, and Windows 10 Education.

    • Pause updates

    • Defer for - Choose to delay up to 180 days.

  • Quality Updates (updates) - Supported only in Windows 10 Professional, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise.

    • Pause updates

    • Defer for - Choose to delay up to 30 days.

Software updates for Windows 10.0.17083+ devices

  • Feature Updates:

    • Feature update uninstall period - Select the number of days to be taken to uninstall a feature update.

Software updates for Windows 10.0.17763+ devices

  • Disable "Pause Updates" access by users

  • Disable UXWU Access by users (Windows Update Scan, download and install)

  • Update notification level - Select one of the following options:

    • Use the default Windows Update notifications

    • Turn off all notifications, excluding restart warnings

    • Turn off all notifications, including restart warnings

  • Feature updates:
    • Deadline before auto-restart for update installation - Select the number of days for the deadline before auto-restart for update installation.

    • Engaged restart deadline - Select the number of days for the engaged restart deadline.
    • Snooze engaged restart deadline - Select the number of days to snooze the engaged restart deadline.

    • Engaged restart transition schedule - Select the number of days to restart transition schedule.