By: Priya Ravichandran – Principal Product Manager | Microsoft Intune
Intune allows administrators to control when and how system updates apply to their Android Enterprise corporate devices. This is done via Intune’s device restriction policy, which leverages the SystemUpdate resource in Google’s Android Management API.
This post provides clarity around this policy and how this affects the user experience on the device.
Today, administrators have four choices when configuring system update behavior via Intune:
The Device default experience matches the update experience enabled on the device by the OEM for all consumers. This is the default setting value.
The Automatic or Maintenance window options don’t notify or prompt the user before an update installs. The update will apply as soon as the policy requirements are fulfilled and will trigger a reboot as needed. Additionally, if the Maintenance window option is selected and the update does not successfully install during that window within 30 days, the update will then be automatically installed by the system at the next available opportunity regardless of the defined maintenance window. No user messaging will be displayed.
When Postponed is selected, updates are deferred by 30 days. At the end of the 30 days, updates are installed per the device default experience.
In addition to the OS updates released by the OEM, Google also releases system updates that apply to all Google-certified Android devices. Similar to the OS updates, Google system updates – which are released weekly - may also require a device reboot to fully apply the update. These updates comply with any system update policy that is set on the device.
Google’s System update settings are primarily intended to manage updates on dedicated devices that don’t have users on the device such as digital signage. Since the policy was designed for these types of devices, setting this policy effectively removes any user notifications on this device.
It’s important to understand the scenarios for which these update policies are being configured to ensure the experience on the device is appropriate. Scenarios may include:
As always, before deploying a policy broadly, we recommend verifying that the impact and experiences of policy choice meet your organization’s needs.
Users can manually check and apply updates on their device at any time by checking the System Update option, located in Settings. Asking the user to periodically check and install available updates will help manage any unplanned reboots.
Learn more about System update settings through the following resources:
If you have any questions, leave a comment on the post below or reach out to @IntuneSuppTeam on Twitter.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.