Share via

Intune Configuration Policy (Device Restriction)

SPK 11 Reputation points
2020-08-10T13:07:52.887+00:00

Intune Configuration Policy (Device Restriction): Defer Software update enabled, with Delay visibility of software updates set to 30 days. But we still some supervised devices with update iOS versions.

Example: iOS 13.6 was released on July 15th! However, instead of 13.5.1 version released on June 1st, we have most of the devices already updated with iOS 13.6, which got released just 21 days ago!

So, I have the below questions:

  1. Why is the iOS 13.6 updated on few devices already?
  2. Have also enabled "Update policies for iOS/iPadOS", does this push the update install forcefully? or end user will just get the visibility of Update availability post 30 days deferral period and then End user can manually install the update?
  3. or is it that OS Update availability will visible to end user from the time it is released and user may install it manually but it will automatically get pushed only after 30 days deferral period?

Please suggest on above!

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,921 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,374 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,201 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jon Alfred Smith 541 Reputation points
    2020-08-10T14:02:04.89+00:00

    Currently, there are three enrollment modes for Apple IOS. Device Enrollment, User Enrollment, and Automated Device Enrollment.

    My understanding is that these settings – Defer software updates with Delay visibility of software updates – only apply to Automated device enrollment (supervised). And then they should work. Supervised mode allows administrators to fully control and manage devices, and – if necessary – completely lock it down for a single task or single app. Administrators can also, for instance, remove the ability to install additional apps via Apple’s App Store. 

    https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-ios

    0 comments
  2. CiciWu-MSFT 1,206 Reputation points
    2020-08-11T02:24:37.693+00:00

    Add some more information. Profiles don't prevent users from updating the OS manually. Users can be prevented from updating the OS manually with a Device Configuration policy to restrict visibility of software updates.

    After configuring settings in Device Restrictions to hide an update from device users for a period of time on your supervised iOS/iPadOS devices. A restriction period can give you time to test an update before its visible to users to install. After the device restriction period expires, the update becomes visible to users. Users can then choose to install it, or your Software update policies might automatically install it soon after.

    Reference: https://learn.microsoft.com/en-us/mem/intune/protect/software-updates-ios

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.