Delay iOS Updates in Intune with Configuration Policies

One of the latest changes to Intune is the ability to now deploy a configuration profile with iOS update deferral settings.

Microsoft are now suggesting that you move from configuring these settings in Update policies to using a configuration profile. One of the main drivers for this is that you can now defer an iOS update by up to 90 days without first having to define an automatic software update schedule.

Let’s look at both work flows to understand what has changed.


Software Update Policy


Process


image

Explanation

As you can see from the above example, we created an update policy that prevented an automatic update on every day of the week,  we also  did not allow time for a maintenance window. furthermore, we specified that for 30 days end users using the device would not be able to navigate to “Settings > Software Update” and manually install the update.

Device Restrictions Policy

Process

  • Navigate to the Intune Portal https://aka.ms/intuneportal
  • Under “Device Configuration > Profiles” Create a new Profile
  • Platform Type: iOS
  • Profile Type: Device restrictions


SNAGHTML49c054bf

image

SNAGHTML49c0d103

Explanation

In this new workflow you can see that we simply enable “Defer

software updates (supervised only)” followed by specifying how long we would

like to delay the update (0-90).


Thanks for reading, please feel free to reach out to me on Twitter or LinkedIn for clarification on any of the above.


Stewart McLaughlan

Stewart McLaughlan

Enteprise Mobility + Security SME