iOS updating via Intune management


Our scenario is that we have a number of iPads installed aboard aircraft for use with search and rescue operations. We want to deploy an iOS update policy that ensures they are all kept up to date, but what we absolutely don't want is an iPad rebooting to install an update mid-flight! They are all managed through Intune.

The issue is how to prevent that, as they are connected to power and they are connected to on-board Wi-Fi, so they effectively fulfill the requirements for just installing the update as soon as they check in. Grouping them to allow it at certain times is not an option as there is no scheduled "downtime"; they are on call 24/7.

Keen to hear your suggestions, and thank you in advance.

7 Replies

Since you cannot make use of the force update at check-in and restart, I suggest using compliance policies and notifications and setting a grace period so users update their devices manually instead. When the grace period is up and the device becomes non-compliant, they will definitely update the device manually.

Thanks, I guessed that may be the option, but it wasn't the desired outcome. End users can't be relied on to run the updates.

Hello @ChrisJ_NZ
This is a very special case!
How many devices are we talking about? 

Have you looked into creating a profile via Apple Configurator 2 (only for supervised iOS)?
There are several payloads where you can customize payloads/settings at the device level, and after you customize the profile, you can upload it to Intune.

Best regards
Shady Khorshed


Because of how varied your use case is, my suggestion is to deploy an update policy broken into 3 groups. Each group has a different time window for updates.

Step 1: Create 3 security groups in Intune. If you have 3 aircraft per site with iPads, put each of those iPads into different groups. Make sure the iPads are clearly labeled for you and the aircraft operator.
Step 2: Create an update policy with different 2-hour windows for "update during scheduled time".
Step 3: Inform your staff of the update window times for each device/aircraft.
Step 4: Keep tabs on Apple's iOS/iPadOS update releases via AppleSeed or another notification platform.

Otherwise, I see no way other than manually going to each device to start the update, when you know it's out.

*iOS/iPadOS 17 will introduce more granular control for updates via MDM commands. You can set time windows, have updates download but not install until the user checks in... a bunch of stuff.
However, I don't know when Microsoft will incorporate that into Intune. It might take a few months, or it could take over a year, like the situation with the much-anticipated Platform SSO for Mac.

Nice answer.

I would add that if a functional device is critical to flight operations, you should consider having a backup device on all flights. Doubling your per-aircraft device budget would provide you with backup hardware and the ability to have offset update schedules.

If having two devices is a factor of weight, then you could always keep 1 device at base and colour-code the cases depending on the schedule, i.e. red for days 7-17 and blue for 22-2 (giving you a gap between the updates).

Hi Shady,
Yes, it is a bit unique. Currently around 55-60 devices, but I do have the advantage of an on-site IT manager to micromanage the devices as well, but as they are geographically dispersed, that is also a challenge. I think the best option I have come up with is to create an update profile for each iOS update and then assign the devices to that. From my testing with 5 devices, the update will not start to install unless the device is idle, but as the on-site manager can add devices to that profile, he will at least have some control over it.

Thanks, yes, this or similar is probably how I will proceed.