iOS6 - Will it allow MDMs to block iOS OS Updates?

LiNuXbOx's picture

LiNuXbOx

Joined: Jul 18, 2012
No votes yet

One of the big frustrations from an ongoing cost of managing enterprise apps is the cost associated with keeping your apps up to date for each new iOS OS revision and unfortunately iOS 5x and below don't allow MDMs to manage this.

Has anyone heard if Apple will allow MDMs to manage iOS updates in iOS 6?

thanks

Tim

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Good question. I haven't

Your rating: None

Good question. I haven't heard one way or another.

I'll remind everyone that iOS 6 is covered by Apple's non-disclosure agreement. We don't wish to get anyone in trouble, so we won't discuss any experiences with unreleased software until launch. (But if some other site posts info, I would allow a link.)

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
Pyby's picture

Pyby

Joined: Feb 29, 2012

As Aaron said, we can't

Your rating: None

As Aaron said, we can't discuss about iOS6 in public because of the NDA.

Today, no tools from Apple block iOS update. And I think, it won't arrive quickly. Why?
With iTunes, Xcode or Apple Configurator, you can "manage iOS version on a iOS, when you restore a device. But in reality, each time you want to restored an "old" iOS version (not the last one), most of the time, you can't because of Apple server verification. Apple accepts most of the time only the latest iOS version.

Even if MDMs can block iOS updates, if a device has to be restored, the latest iOS version will be installed.
Apple has to accept first to allow users to run and restore the iOS version they want, but for security reason (and global iOS platform, dev, services…), I don't see Apple allowed this.

The same idea arrives on Mac. If you didn't save a Lion installation from the Mac App Store, you can't find the 10.7.0 installation today. The Mac App Store delivers only the latest Lion version installation (Today 10.7.4).

Top
bradleychambers's picture

bradleychambers

Joined: May 8, 2012
WWW

I haven't seen anything

Your rating: None

I haven't seen anything regarding additional MDM API's.

A well pirched birdie told me that app installation without end user interaction is coming. I'd also like the ability to set to do the updates at a certain time (for OS and apps)

Top
bdogd's picture

bdogd

Joined: Nov 19, 2010

User is King

Your rating: None

A foundational tenet of iOS Management is that the user is King. Stopping the king from updating whenever they want would bring down the kingdom! Smile

As much as you hope for a feature like that, I dare say it isn't coming.

Top
ScottWW's picture

ScottWW

Joined: Aug 8, 2012
WWW

Agree with bdog!

Your rating: None

Apple does what is good for the user not what is good for the Admin. We had Apple in the other day for a Security briefing and they had a whole section of slides dedicated to how iOS users update their devices unlike Android users. I would find it really hard to believe they would ever change the system to take away something they view as a big advantage.

Now on the other hand, you can do this through MDM. None of my clients do this today but theoretically it is possible. You could deny access to the network or Activesync based on operating system version. Most people do this to eliminate older operating systems but it could certainly be done for new ones as well.

Top
TechTimm's picture

TechTimm

Joined: Aug 22, 2012

What MDM allows this?

Your rating: None

ScottWW,

Can you please elaborate, even for me.
The issue for me is I have 1000's of devices that once iOS 6 rolls out, will tell the users to update their oS.
Being that they are on a wireless network and hundreds of them in the same location, this is a logistical nightmare for us.
So much so that we are afraid of the data stream demand taking our network down.

Any help is appreciated!
TechTimm

Top
bdogd's picture

bdogd

Joined: Nov 19, 2010

Blocking iOS 6 updating

Your rating: None

If the problem is that you don't want users to do what you don't want them to do, and you can't stop them from doing it, at least you can stop it from working at a place you control.

How about blocking the *.apple.com domain from the firewall, so that when users are on your LAN and eating your bandwidth, they can't all update at once.

They could do it at home, or at Starbucks, OR on a private SSID you make just for this purpose. There isn't a way to cache the update.

Maybe you don't need to block the whole domain, but I'm sure you can Google and find which particular sites the download request and file comes from.

Good luck and way to think ahead!

Top
babybluetx23's picture

babybluetx23

Joined: Mar 22, 2012

RE: iOS6 - Will it allow MDMs to block iOS OS Updates?

Your rating: None
LiNuXbOx wrote:

One of the big frustrations from an ongoing cost of managing enterprise apps is the cost associated with keeping your apps up to date for each new iOS OS revision and unfortunately iOS 5x and below don't allow MDMs to manage this.

Has anyone heard if Apple will allow MDMs to manage iOS updates in iOS 6?

thanks

Tim

We use our iphones as a VOIP type device throughout the hospital. with that being said, we simply blocked the URL for the iOS6 update from the firewall. voila! they are unable to update the iphones to iOS6. Its SORT of a workaround till we can test it in a controlled environment.

Top
D80Buckeye's picture

D80Buckeye

Joined: Oct 6, 2012

Blocking the traffic via the

Your rating: None

Blocking the traffic via the firewall is the most effective (and only) way to do it if you're solely using an MDM solution. The biggest loophole here is if someone jumps off of your network and onto something not under your control.

If you leverage Apple Configurator to supervise your devices AND an MDM solution you can systematically restrict OTA iOS updates.

Top

Who is online?

There are currently 0 admins, 0 users and 11 guests online. Connected users: .

Recent Activity