Free Edition
What is MDM?
Enterprise Mobility Management
Mobile Device Management
Mobile Application Management
Mobile Security Management
Mobile Email Management
Mobile Content Management
BYOD
Compliance
- CJIS
- HIPAA
- ISO
- PCI
- GDPR
Awards & Reviews
Supported Platforms
- iOS
- Android
- Windows
- macOS
- Chrome OS
- Android Enterprise
- Samsung Knox
Related Products

How to block OS updates in iOS and Android devices?

Description

As IT administrators, there are several scenarios where OS updates are to be restricted in iOS or Android devices. Some of the possible cases are:

Critical enterprise app(s) may not fully support the latest OS resulting in bugs & issues.
Enterprise network bandwidth may get affected if several devices update at once.
Bugs in the latest OS may prevent enterprise apps from functioning properly.

Here's how you can block OS updates on managed Android and Apple devices. Follow the steps given below to restrict OS updates:

iOS
Android

Prerequisite(s)

The following pre-requisites need to be met to restrict OS update in iOS and Android devices

iOS devices must be Supervised and running iOS 11.3 or above. If you want to block OS updates on devices running below iOS 11.3, refer this.
Android devices must be running Android 6.0 or later versions and must be provisioned as Device Owner.

Steps

Restricting OS updates for iOS devices

Mobile Device Manager Plus allows admins to create a policy to automate the OS updates on mobile devices. While configuring the policy, you can decide the number of days the OS update must be blocked for. After the OS update is available, the user will not be able to manually install the OS update for the specified number of days.

Navigate to Device Mgmt -> Automate OS updates
Create a new iOS policy.
Select Delay for and specify the number of days you want to prevent manual OS update
Create and distribute the policy to the required Groups or devices.

NOTE: The OS update can only be restricted upto 90 days, after which the users can manually update the OS on the devices. For more information on automating OS updates, refer this document.

Restricting OS updates for Android devices

Mobile Device Manager Plus allows admins to automate and schedule OS updates for Android devices. While configuring the policy, you can decide the number of days for which the OS update must be blocked for. After the OS update is available, the user will not be able to manually install the OS update for the specified number of days. After which, the OS update will automatically be installed on the devices based on the configured schedule.

Navigate to Device Mgmt -> Automate OS updates
Create a new Android policy
Select Delay for and specify the number of days you want to prevent manual OS update
Schedule the OS update, by specifying the Deployment Window, Deployment Days and the Deployment Window. Ensure the Deployment Window selected is minimum 2 hours.
Create and distribute the policy to the required Groups or devices.

Freeze Period: Ensuring Update Control During Critical Times

In addition to setting an OS update delay, administrators can configure a Freeze Period to completely suspend OS updates during critical business periods such as holidays, peak operational hours, or academic exams. This ensures uninterrupted device performance when stability is paramount.

Devices will not receive system update notifications.
Security updates will not be installed.
Users will be unable to manually install updates.

Example: In the education sector, freeze periods can be configured during exam seasons to ensure learning platforms continue functioning without disruptions.

Freeze periods are especially useful in environments where uninterrupted access to enterprise apps and services is critical.

Note: The OS update can only be restricted upto 30 days, after which the users can manually update the OS on the devices. We do not recommend permanently blocking OS updates, as this prevents critical security patches from reaching devices. To restrict updates completely, disable the following packages (strongly recommended to re-enable them once the critical issues are resolved):

Poco/Redmi - com.android.updater
oppo - com.oppo.ota
Lenovo - com.lenovo.ota
Lenovo/moto - com.motorola.ccc.ota
Pixel - com.google.android.gms
Vivo - com.bbk.updater
oneplus - com.oneplus.opbackup
samsung - com.sec.android.soagent,com.wssyncmldm

If the apps are not available in the inventory app list, add them under Inventory > Apps > Add new app, enter the required details, and then proceed with disabling them.