Delaying visibility of software updates in Intune for supervised iOS devices
Published Feb 21 2019 02:04 PM

This change is now coming with the April update instead of March.

We shared in a previous post that we were moving a few settings around in the console. As part of this change, we’re disabling the “Delay Visibility of Software Updates” setting with the February service update and removing it from the iOS update policy blade towards the end of April. We aim to help resolve confusion around this setting and software update policies which are configured to push updates to devices. This will not change the way your scheduled software updates apply, but it may affect how long the visibility of this update is delayed for end users.

After the February update to Intune and until the April update rolls out, the Delay visibility setting will appear both in Device restriction profiles in the console and in Update policies for iOS in the Software update blade. During this time, here’s what you’ll have to do:

For existing Update policies for iOS: If you have custom configured this setting to anything other than the default 30 days, and want your existing configurations for the Delay visibility setting to continue to apply after the end of April, you’ll have to create a new iOS device restriction profile. This will need to have the same values as in the existing Software update policy and be targeted to the same groups. If this setting has the default value of 30 days and you want that to apply after April, you will still need to reconfigure the setting in its new location to 30 days. After the April service update, this setting will not show up in existing Software update policies, and you will no longer be able to edit values there.

Note: If the value for number of days you can delay visibility does not match in both locations, the Delay Visibility setting will not work, and end users will see the update on their devices as soon as it is available. For example, if this is configured as 20 days in one spot and 25 days in the new location, the setting will not apply at all. End users will see a notification on their device as soon as an iOS update is available.

This may have minimal impact for most customers since the Software Update Policy has always taken precedence over this setting in the console.

For new update policies for iOS: If you try to create new policies in the Software updates blade after the Intune February service update, you will see this setting grayed out. You’ll see a note in the console as shown in the preview screenshot redirecting you to the Device configuration blade to delay visibility of updates.

[Screenshot: note in the Software updates blade redirecting to the Device configuration blade]

If you wish to delay visibility of software updates to your end users, start configuring it in new profiles in the Device Configuration blade. To do this, in the Intune blade, go to Device Configuration > Create policy > Device restrictions > General. Here you can configure the setting as per your requirements. Note that the setting will be "Not Configured" by default. Here's what the blade will look like after the setting moves:

[Screenshot: the blade after the setting moves]

We’ll keep this post updated with more information!

2/22/19: Updated with minor clarification

3/29/19: Updated to say change is coming with the April update

4 Comments
Brass Contributor

awesome stuff, feature parity day by day.

Copper Contributor

Hi,

it's still not clear on which time you can postpone updates installation on the device level.

We can postpone the visibility of new updates for user till 90 days, we can set up prevent frame for device, but where to set up for device the software delay installation and then install it in schedule time?

E.g. I have nonuser affinity device and want to postpone new iOS installation on 50 days and then run it on Sunday at 11.00, how to do it?

@teh_pianist @Intune_Support_Team how the delay visibility to end user of new update correlates with Select times to prevent update installations which applies on device level and restricts time frame when updates aren't forcibly installed to device?

Hence if I set restriction on Monday 12 am - 8 pm and Apple will publish update on Monday at 1 pm does it mean I receive update immediately after 8 PM and the system update will ignore Delay visibility of software updates to end users setting?

Copper Contributor

Fantastic stuff! Tested and deployed to all of our devices. Only thing that needs some clarifying though, how do I enable "Automatic Updates" on our supervised devices? Should I still keep an Update policy in place or? Seems to me there is no setting in the Restriction policy? Or am I missing something?

Or should I just setup an unconfigured Update Policy, as I don't want to prevent anything - we just want to hide updates for a month, and afterwards it should install asap.

Btw @aleksandrP from the article here https://docs.microsoft.com/en-us/intune/software-updates-ios There's a note saying

 "Apple MDM doesn't allow you to force a device to install updates by a certain time or date."

Microsoft

@aleksandrP Hi. The best way to do this today is to target a Device Configuration policy to postpone new iOS updates for 50+ days and deploy a Software Update policy to the device once you would like the device to update. After the policy is deployed, the device will receive a command the next time it checks in with the Intune service as long as that time window is not selected to be prevented in the Software Update policy. The Software Update policy will override the Device Configuration policy, so no changes to that policy on day 50 are required.

Regarding the second question, after 8pm, upon the next check in to the service, the service will determine if the current time is outside of the times to prevent update installations. If so, it will push a command to update the OS to the device. Because check-ins only happen every few hours, we recommend keeping a 12+ hour time frame that updates are not restricted in the policy. The Software Update policy overrides the Delay visibility of software updates setting, so that you can push updates at a time that is appropriate for your organization. I hope this helps! Thank you.

@teh_pianist Hi, thank you! There is no device restriction to force automatic updates. If there is an update available, it will be pushed down to the device naturally after the days set for the delayed visibility of software updates run out. Pushing down a software update policy overrides the device restriction for delaying the visibility of the updates, so if you configure a software updates policy during the 30 days you want to delay the visibility of updates, the devices will update when they sync. Forced software updates install (if available) when the device syncs with the Company Portal. Please let me know if there is anything else.

Last update: Mar 29 2019 12:27 PM