Use Microsoft Intune policies to manage iOS/iPadOS software updates (2023)

Table of Contents
In this article Configure the policy Edit a policy Delay visibility of software updates Monitor for update installation failures on devices Next steps FAQs Videos
  • Article
  • 7 minutes to read

You can use Microsoft Intune device configuration profiles to manage software updates for iOS/iPad devices that enrolled as supervised devices.

Supervised devices are devices that enroll through one of Apple's Automated Device Enrollment (ADE) options. Devices enrolled through ADE support management control through a mobile device management solution like Intune. ADE options include Apple Business Manager or Apple School Manager.

This feature applies to:

  • iOS 10.3 and later (supervised)
  • iPadOS 13.0 and later (supervised)

With policies for iOS software updates, you can:

  • Choose to deploy the latest update that's available, or choose to deploy an older update, based on the update version number.

    When deploying an older update, you must also deploy a device restrictions profile to restrict visibility of software updates. This is because update profiles don't prevent users from updating the OS manually. Users can be prevented from updating the OS manually with a device configuration policy that restricts visibility of software updates.

  • Specify a schedule that determines when the update installs. Schedules can be as simple as installing updates the next time that the device checks in, or creating date and time ranges during which updates can install or are blocked from installing.

    By default, devices check in with Intune about every 8 hours. If an update is available through an update policy, the device downloads the update. The device then installs the update upon next check-in within your schedule configuration.

Note

(Video) Configure iOS update policies in Intune

iOS/iPadOS software updates that you send to a Shared iPad, can install only when there is no user signed in to a Shared iPad session and the device is charging. The iPad must be signed out of all user accounts and plugged into a power source for the device to update successfully.

Note

See Also
Best Idle Games To Play On Both Android & IOS - Ordinary GamingTop 10 Fun & Easy Python Projects for Beginners (with Code)Top 30 Best Multiplayer .io GamesApple Keynote: Das iPhone 14-Event im Live-Ticker

If using Autonomous Single App Mode (ASAM), the impact of OS updates should be considered as the resulting behavior may be undesirable.Consider testing to assess the impact of OS updates on the app you are running in ASAM. ASAM can be configured through Intune device restriction profiles.

Configure the policy

  1. Sign in to the Microsoft Endpoint Manager admin center.

  2. Select Devices > Update policies for iOS/iPadOS > Create profile.

  3. On the Basics tab, specify a name for this policy, specify a description (optional), and then select Next.

    Use Microsoft Intune policies to manage iOS/iPadOS software updates (1)

  4. On the Update policy settings tab, configure the following options:

    1. Select version to install. You can choose from:

      • Latest update: Deploys the most recently released update for iOS/iPadOS.
      • Any previous version that is available in the dropdown box. If you select a previous version, you must also deploy a device configuration policy to delay visibility of software updates.

    2. Schedule type: Configure the schedule for this policy:

      • Update at next check-in: The update installs on the device the next time it checks in with Intune. This option is the simplest and has no extra configurations.
      • Update during scheduled time: You configure one or more windows of time during which the update will install upon check-in.
      • Update outside of scheduled time: You configure one or more windows of time during which the updates won't install upon check-in.

    3. Weekly schedule: If you choose a schedule type other than update at next check-in, configure the following options:

      (Video) Microsoft Endpoint Manager Intune Configuration Profiles Part III iOS & iPadOs & MacOS

      Use Microsoft Intune policies to manage iOS/iPadOS software updates (2)

      • Time zone: Choose a time zone.

      • Time window: Define one or more blocks of time that restrict when the updates install. The effect of the following options depends on the Schedule type you selected. With a start day and end day, overnight blocks are supported. Options include:

        • Start day: Choose the day on which the schedule window starts.
        • Start time: Choose the time day when the schedule window begins. For example, if you select 5 AM and have a Schedule type of Update during scheduled time, 5 AM will be the time that updates can begin to install. If you chose a Schedule type of Update outside of a scheduled time, 5 AM will be the start of a period of time that updates can't install.
        • End day: Choose the day on which the schedule window ends.
        • End time: Choose the time of day when the schedule window stops. For example, if you select 1 AM and have a Schedule type of Update during scheduled time, 1 AM will be the time when updates can no longer install. If you chose a Schedule type of Update outside of a scheduled time, 1 AM will be the start of a period of time that updates can install.

      If you don't configure times to start or end, the configuration results in no restriction and updates can install at any time.

      Note

      See Also
      10 essential iPhone apps every single person should be usingHow Much To Wallpaper A Room?Coronavirus (COVID-19): advice for UK visa applicants and temporary UK residentsA Comprehensive Guide to GameMaker Language (2022)

      You can configure settings in a device restrictions profile to hide an update from device users for a period of time on your supervised iOS/iPadOS devices. A restriction period can give you time to test an update before it's visible to users to install. After the device restriction period expires, the update becomes visible to users. Users can then choose to install it, or your Software update policies might automatically install it soon after.

      When you use a device restriction to hide an update, review your software update policies to ensure they won't schedule the installation of the update before that restriction period ends. Software update policies install updates based on their own schedule, regardless of the update being hidden or visible to the device user.

    After configuring Update policy settings, select Next.

  5. On the Scope tags tab, select + Select scope tags to open the Select tags pane if you want to apply them to the update policy.

    • On the Select tags pane, choose one or more tags, and then Select to add them to the policy and return to the Scope tags pane.

    When ready, select Next to continue to Assignments.

  6. On the Assignments tab, choose + Select groups to include and then assign the update policy to one or more groups. Use + Select groups to exclude to fine-tune the assignment. When ready, select Next to continue.

    (Video) Intune Device Compliance Policies to Fix iOS 14.7 security issue

    The devices used by the users targeted by the policy are evaluated for update compliance. This policy also supports userless devices.

  7. On the Review + create tab, review the settings, and then select Create when ready to save your iOS/iPadOS update policy. Your new policy is displayed in the list of update policies for iOS/iPadOS.

Note

You can't use Intune software update policies to downgrade the OS version on a device.

Edit a policy

You can edit an existing policy, including changing the restricted times:

  1. Select Devices > Update policies for iOS. Select the policy you want to edit.

  2. While viewing the policies Properties, select Edit for the policy page you want to modify.

    Use Microsoft Intune policies to manage iOS/iPadOS software updates (3)

    See Also
    New Official Star Trek Logs Offer Clues About Lore, The Titan And More Ahead Of ‘Picard’ Season 33 Player Card Games Top 10 List - VIP SpadesBeyond Skyrim - BrumaHow to install Windows 11 on your Mac using Boot Camp Assistant [Apple MacBook Pro, Air, and iMac]

  3. After introducing a change, select Review + save > Save to save your edits, and return to the policies Properties.

Note

(Video) Enrolling Ios Devices To Microsoft Intune Administration Console

If the Start time and End time are both set to 12 AM, Intune does not check for restrictions on when to install updates. This means that any configurations you have for Select times to prevent update installations are ignored, and updates can install at any time.

Delay visibility of software updates

When you use update policies for iOS, you might have need to delay visibility of an iOS software update. Reasons to delay visibility include:

  • Prevent users from updating the OS manually
  • To deploy an older update while preventing users from installing a more recent one

To delay visibility, deploy a device restriction template that configures the following settings:

  • Defer software updates = Yes
    This doesn't affect any scheduled updates. It represents days before software updates are visible to end users after release.

  • Delay default visibility of software updates = 1 to 90
    90 days is the maximum delay that Apple supports.

Device restriction templates are part of device configuration policies.

For guidance from the Intune support team, see Delay visibility of software updates in Intune for supervised devices.

Monitor for update installation failures on devices

In the Microsoft Endpoint Manager admin center, go to Devices > Monitor > Installation failures for iOS devices.

Intune displays a list of supervised iOS/iPadOS devices that are targeted by an update policy. The list doesn't include devices that are up-to-date and healthy because iOS/iPad devices only return information about installation failures.

For each device on the list, the Installation Status displays the error that was returned by the device. To view the list of potential installation status values, on the Installation failures for iOS devices page, select Filters and then expand the drop-down list for Installation Status.

Next steps

Monitor device profiles

FAQs

Can Intune manage iOS updates? ›

You can use Microsoft Intune device configuration profiles to manage software updates for iOS/iPad devices that enrolled as supervised devices. Supervised devices are devices that enroll through one of Apple's Automated Device Enrollment (ADE) options.

Keep Reading
Can Microsoft Intune manage iPads? ›

Intune enables mobile device management (MDM) of iPads and iPhones to give users secure access to company email, data, and apps.

View More
Can Intune manage Apple devices? ›

On the other hand, Microsoft Intune manages not just Apple devices but also Windows systems and Android. Microsoft utilizes the built-in capabilities of Azure Same Sign-On for a smooth enrollment process.

Keep Reading
How do you make an iOS device supervised Intune? ›

Turn on supervised mode during enrollment

In the Microsoft Endpoint Manager admin center, you can turn on supervised mode for devices when you create an Apple enrollment profile in DEP. Under Device Management Settings, check the Supervised box.

Find Out More
Can you schedule an iOS update? ›

You can either select “Install Tonight” to schedule the update to take place during the night hours, while connected to power, or have iOS remind you later via the “Remind Me Later” button.

Continue Reading
Can Intune push Mac updates? ›

Microsoft Intune provides options to deploy and manage mobile OS updates, across both Apple and Android devices.

Show Me More
Do you need Apple business manager for Intune? ›

Intune also supports Apple's older Device Enrollment Program (DEP) portal, but we encourage you to start fresh with Apple Business Manager. With Microsoft Intune and Apple Corporate Device Enrollment, devices are automatically securely enrolled the first time the user turns on the device.

Read More
What is Apple Configurator in Intune? ›

Scenario. Setting up device enrollment with Apple Configurator, organizations can ensure that their company owned devices can be managed with additional features (Supervised Mode) and will also avoid activation lock of these devices when reallocated.

Get More Info Here
Does Apple have an MDM? ›

iOS, iPadOS, macOS, and tvOS have a built-in framework that supports mobile device management (MDM). MDM lets you securely and wirelessly configure devices by sending profiles and commands to the device, whether they're owned by the user or your organization.

View Details
Is Intune better than Jamf? ›

Comparison Results: Based on the parameters we compared, Jamf Pro received higher product ratings. Its ease of deployment, its solid set of features, and its service and support all top Microsoft Intune's offerings.

Read More

How do I register iOS device in Microsoft Endpoint Manager? ›

In Microsoft Endpoint Manager admin center, select Devices > iOS/iPadOS > iOS/iPadOS enrollment > Enrollment Program Tokens. Select a token in the list. Select Set Default Profile, select a profile in the list, and then select Save. The profile will be applied to all devices that enroll with the token.

Get More Info Here
What devices does Intune support? ›

Intune supports devices running the following operating systems (OS): iOS. Android. Windows.
...
Supported Samsung Knox Standard devices.
Device NameDevice Model Numbers
Galaxy J1 AceSM-J110F SM-J110H
Galaxy J1 MiniSM-J105M
Galaxy J2/J2 ProSM-J200H SM-J210F
Galaxy J3SM-J320F SM-J320FN SM-J320H SM-J320M
30 more rows
29 Sept 2022

Read More
How do I know if my iOS device is supervised? ›

You can find out if your iPhone or iPad is supervised by looking at the settings for your device. The Supervision message is found at the top of the main Settings page. Your organization also has the option to display a custom ownership message on the Lock Screen using the Shared Device Configuration profile payload.

Explore More
How do I make my iPad supervised? ›

Turn off Find My iPad by tapping Settings, Apple ID, then iCloud. Select the Prepare icon on Apple Configurator 2. Prepare with Manual Configuration and select both Supervise devices and Allow devices to pair with other computers. Create or select an organization.

Keep Reading
Which integration is required to enroll iOS devices? ›

Before enrolling any Apple device, it is mandatory you upload an APNs certificate in MDM as explained here.

Tell Me More
How install iOS update immediately? ›

At any time, you can check for and install software updates. Go to Settings > General > Software Update. The screen shows the currently installed version of iOS and whether an update is available.

Learn More Now
How can I update my iPad overnight? ›

How to Enable Automatic iOS Updates for System Software on iPhone or iPad
  1. Open the “Settings” app in iOS.
  2. Go to “General” and then to “Software Update”, then tap on “Automatic Updates”
  3. Toggle the Automatic Updates switch to the ON position to enable automatic iOS updates.
15 Feb 2019

Explore More
How do you update iOS on iPad? ›

Update iPad manually

At any time, you can check for and install software updates. Go to Settings > General > Software Update. The screen shows the currently installed version of iPadOS and whether an update is available. To turn off automatic updates, go to Settings > General > Software Update > Automatic Updates.

Read On
Can Intune manage macOS? ›

All Mac enrollments in Intune are considered user-approved. User-approved enrollment lets you manage macOS devices that aren't part of Apple School Manager or Apple Business Manager. It provides the same level of control as supervised macOS devices enrolled using Automated Device Enrollment or Apple Configurator.

Discover More
How do I sync my company portal to my Mac? ›

To force a sync on your personal Mac:
  1. Open the Company Portal app.
  2. Select Devices.
  3. If you only have one device, you'll go directly to the device details screen and can skip to step 4. ...
  4. Select More [...] and then choose Check Status to sync your device.
  5. Wait while Company Portal confirms your device status.
1 Jun 2022

See More

How do I add the intune app to OSX? ›

Select the app package file

In the Add app pane, click Select app package file. In the App package file pane, select the browse button. Then, select an macOS installation file with the extension .

Find Out More
How do you update apps with Intune? ›

Update on iOS device
  1. Open the App Store and search for Intune.
  2. Look for the Update option next to the Intune Company Portal listing. ...
  3. Follow the onscreen prompts to install the update.
  4. After you've installed the update, return to Company Portal > Devices.
  5. Select the device that you're currently using.
2 Jun 2022

Find Out More
How do I update my iPhone on my Microsoft computer? ›

Using iTunes, you can update software on your iPhone, iPad or iPod.
  1. Connect your device to your computer. ...
  2. In the iTunes app on your PC, click the Device button near the top left of the iTunes window.
  3. Click Summary.
  4. Click Check for Update.
  5. To install an available update, click Update.

Learn More Now
What is required to update apps on iOS devices? ›

On your iPhone and iPad, apps that you download from the App Store are automatically updated by default.
...
Update your apps manually
  • Open the App Store.
  • Tap your profile icon at the top of the screen.
  • Scroll to see pending updates and release notes. Tap Update next to an app to update only that app, or tap Update All.
8 Nov 2021

View Details
Which is the latest iOS update? ›

Apple's iOS 16 update was released to the public on September 12, 2022.

Read On
Does Intune do patch management? ›

Intune helps configure Windows Update for Business (WUfB) policies to patch. The latest update guide for Intune monthly patching is available in the following Cloud PC Monthly Patching Process Using Intune. You can also configure Windows 10 and 11 Feature Update using Intune policies.

Discover More Details
What are the top 3 best practices when implementing Intune? ›

Microsoft recommends the following best practices for implementing Intune MDM
  • Plan the deployment. ...
  • Review the Configuration Manager hierarchy to determine how best to integrate MDM. ...
  • Understand which platforms the organization will support.

Show Me More
What are Intune managed Apps? ›

Intune MAM allows the company to selectively control mobile applications like Microsoft Outlook, Word, Excel and OneDrive, without the need to take total control of the device.

Find Out More
How do I update my iPad from my computer? ›

Update software on iPhone, iPad, or iPod touch in iTunes on PC
  1. Connect your device to your computer. ...
  2. In the iTunes app on your PC, click the Device button near the top left of the iTunes window.
  3. Click Summary.
  4. Click Check for Update.
  5. To install an available update, click Update.

View More
How do you update iOS on iPad? ›

Go to Settings > General > Software Update. The screen shows the currently installed version of iOS and whether an update is available. To turn off automatic updates, go to Settings > General > Software Update > Automatic Updates.

Get More Info

How do I update my iPhone from my computer without iTunes? ›

Now, you can follow the steps below to fix iPhone unable to check for updates.
  1. Download and install AnyFix on your computer. ...
  2. Connect your iPhone with Computer and choose 1 click to upgrade iOS/iPadOS > Tap on Start Now. ...
  3. AnyFix will download the latest version of the firmware on your computer.
26 Aug 2022

Read The Full Story
How do I get my iPad to update apps automatically? ›

How to turn on or turn off automatic updates on your iPhone or iPad. Go to Settings. Tap App Store. Turn on or turn off App Updates.

View Details
How do I force an iOS app to update? ›

Even Apple and Microsoft don't force security updates. You can always opt out or restore an older version. If its a security or feature requirement, you can tell your users the update is necessary, or the app will not function. You can block their credentials until they update, but it will still be their choice.

Learn More Now
How do you update all apps on iPad? ›

Open the App Store. Tap your profile icon at the top of the screen. Scroll to see pending updates and release notes. Tap Update next to an app to only update that app, or tap Update All.

Get More Info Here
What is the latest version of iOS for iPad? ›

Apple security updates
Name and information linkAvailable forRelease date
iOS 15.3.1 and iPadOS 15.3.1iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)10 Feb 2022
148 more rows
10 Oct 2022

Read On
How do I update my iOS version? ›

Go to Settings > General > Software Update. Tap Automatic Updates, then turn on Download iOS Updates. Turn on Install iOS Updates. Your device will automatically update to the latest version of iOS or iPadOS.

Find Out More
Which Ipads will get iOS 16? ›

iPadOS is compatible with these devices.
  • iPad Pro (all models)
  • iPad Air (3rd generation and later)
  • iPad (5th generation and later)
  • iPad mini (5th generation and later)

Learn More Now

Videos

1. How to Prevent iOS Automatic Updates Using #Intune Policies
(Anoop C Nair)
2. Managing Apple devices with Microsoft Endpoint Manager
(Microsoft 365)
3. Configure App Protection Policy : iOS/iPadOS
(UEM Experts)
4. Intune - Device Compliance - iOS/iPadOS - Part 2
(Gucha Vlogs & Cloud eTech)
5. iOS Device Compliance Policy Intune
(T-Minus365)
6. Easily SECURE iOS Devices with Baseline Policies in Microsoft Intune | Episode 6
(UEM Authority)
Top Articles
Latest Posts
Article information

Author: Jamar Nader

Last Updated: 03/08/2023

Views: 6795

Rating: 4.4 / 5 (55 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Jamar Nader

Birthday: 1995-02-28

Address: Apt. 536 6162 Reichel Greens, Port Zackaryside, CT 22682-9804

Phone: +9958384818317

Job: IT Representative

Hobby: Scrapbooking, Hiking, Hunting, Kite flying, Blacksmithing, Video gaming, Foraging

Introduction: My name is Jamar Nader, I am a fine, shiny, colorful, bright, nice, perfect, curious person who loves writing and wants to share my knowledge and understanding with you.