As IT administrators, there are several scenarios where OS updates are to be restricted in iOS devices. Some of the possible cases are:
Follow the steps given below to restrict the OS updates for devices
The device must be Supervised for restricting OS update, preferably using Apple Configurator for devices below 11.3. Know more about Supervising iOS devices here.
Mobile Device Manager Plus allows admins to create a policy to automate the OS updates on mobile devices. Once this policy is configured and applied to devices, the users cannot update the current OS on the devices based on configured policy. Follow these steps to create the OS update policy
NOTE: The OS update can only be restricted upto 90 days, after which the users can manually update the OS on the devices. For more information on automating OS updates, refer this document.
The domain mesu.apple.com is used by Apple devices for updating the OS. If the devices cannot contact this domain, the OS cannot be updated. The most optimal way to prevent the domain from being accessed by the device, configure a proxy through which all internet communications are routed. In this proxy, blacklist the domain as explained below:
To restrict OS updates across all networks,
To restrict OS updates only in enterprise networks, ensuring the enterprise network is not affected,
Blacklist the domain mesu.apple.com in the organization firewall/proxy or any third-party filters being used.
Once both the policies are configured, save and publish the profile. To distribute the profiles,
You can update the OS for few devices by connecting them to the specific machine, which was used for Supervising the devices through Apple Configurator.
NOTE:If you cannot restrict OS updates as explained above, contact our Support team for alternate solutions.