Question on iOS update policies in Intune

Joachim Berghmans 1 Reputation point
2023-01-24T14:05:26.1866667+00:00

Hello,

I want to use Graph to update the iOS versions in different iOS update policies.

When looking up a policy I noticed this setting:

"enforcedSoftwareUpdateDelayInDays": null,

Is that an old deprecated setting or a feature that still has to be released? Because it sounds like something I'm looking for.

We have 4 environments that receive an iOS update after a specific timeframe after the update is released by Apple.

Because the iOS update policy does not take into account the delay configured in the device restrictions policy we always have to manually update the policy to the latest accepted version.

If we could just define a default delay in each policy that after x amount of days the update is download and installed automatically that would be great.

Full response:

Hello,
I want to use Graph to update the iOS versions in different iOS update policies.
When looking up a policy I noticed this setting:
"enforcedSoftwareUpdateDelayInDays": null,
Is that an old deprecated setting or a feature that still has to be released? Because it sounds like something I'm looking for.
We have 4 environments that receive an iOS update after a specific timeframe.
Because the iOS update policy does not take into account the delay configured in the device restrictions policy we always have to manually update the policy to the latest accepted version.
If we could just define a default delay in each policy that after x amount of days the update is download and installed automatically that would be great.
Full response:
{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/deviceConfigurations/$entity",
    "@odata.type": "#microsoft.graph.iosUpdateConfiguration",
    "id": "abcd-efgh-ijklm-nopq-zrsabcdefgh",
    "lastModifiedDateTime": "2023-01-11T08:21:11.9507753Z",
    "roleScopeTagIds": [
        "0"
    ],
    "supportsScopeTags": true,
    "deviceManagementApplicabilityRuleOsEdition": null,
    "deviceManagementApplicabilityRuleOsVersion": null,
    "deviceManagementApplicabilityRuleDeviceMode": null,
    "createdDateTime": "2022-12-02T10:22:05.738444Z",
    "description": "",
    "displayName": "iOS_PRODUCTION_Update_Policy",
    "version": 2,
    "isEnabled": false,
    "activeHoursStart": "00:00:00.0000000",
    "activeHoursEnd": "00:00:00.0000000",
    "desiredOsVersion": "16.2",
    "scheduledInstallDays": [],
    "utcTimeOffsetInMinutes": null,
    "enforcedSoftwareUpdateDelayInDays": null,
    "updateScheduleType": "alwaysUpdate",
    "customUpdateTimeWindows": []
}

Thank you,

Joachim

Microsoft Intune iOS
Microsoft Intune iOS
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.iOS: An Apple mobile operating system.
167 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,645 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,049 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Crystal-MSFT 40,376 Reputation points Microsoft Vendor
    2023-01-25T03:03:04.78+00:00

    @Joachim Berghmans, Thanks for posting in Q&A.

    For the key "enforcedSoftwareUpdateDelay", it is used to delay visibility of updates to end users. For more details we can see in the following link:

    https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-where-to-schedule-ios-policies/ba-p/280165

    Correctly, the feature is still there which you configured in device restriction. But this setting is used to hide an update from device users for a period of time on your supervised iOS/iPadOS devices. A restriction period can give you time to test an update before it's visible to users to install. After the device restriction period expires, the update becomes visible to users. Users can then choose to install it, or your Software update policies might automatically install it soon after.

    https://learn.microsoft.com/en-us/mem/intune/protect/software-updates-ios#delay-visibility-of-software-updates

    For the software update download and install, it is controlled by iOS update policy with the setting "Schedule type". Software update policies install updates based on their own schedule, regardless of the update being hidden or visible to the device user.

    https://learn.microsoft.com/en-us/mem/intune/protect/software-updates-ios#delay-visibility-of-software-updates

    For our situation, you can check what we configured the "Schedule type" and if the policy is applied to the device. Also see if the device is available during the scheduled time.

    Hope it can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.ns to the user's question.