Managing OS updates on devices with MDM controls activations Skip Navigation

Managing OS updates on devices with 
MDM controls

You can't control when software releases are installed on devices with 
MDM controls
 activations; however, you can use compliance profiles to help manage devices that users have updated to an OS version that your organization doesn't allow. For example, 
 10 and later devices do not support 
MDM controls
 activations. If users with 
 9.x devices upgrade to 
 10, some device management features will no longer work, leaving the device in a compromised state. You can use device groups and compliance profiles to detect 
 devices with the 
MDM controls
 activation type and set compliance rules to take appropriate action, such as notifying the user, untrusting the device, or unmanaging the device.
Follow these steps to manage OS updates on devices with 
MDM controls
Step 1
Create a device group that includes devices that conform to the following parameters:
  • MDM controls
     activation type
  • Device OS version that you want to restrict
If a user upgrades a device to the specified OS it automatically becomes part of the device group.
Step 2
Create a compliance profile and specify the device OS version as a restricted OS version.
Step 3
In the compliance profile, specify the enforcement action that is appropriate for your organization. For example, you can notify the user that their activation type is not supported by the device OS and recommend reactivating the device with a different activation type, or you can deactivate the device.
Step 4
Step 5
Optionally, create an event notification to inform administrators when a device is out of compliance with the compliance profile.