Managing OS updates on devices with MDM controls activations
You can't control when software releases are installed on devices with
MDM controlsactivations; however, you can use compliance profiles to help manage devices that users have updated to an OS version that your organization doesn't allow. For example,
Android10 and later devices do not support
MDM controlsactivations. If users with
Android9.x devices upgrade to
Android10, some device management features will no longer work, leaving the device in a compromised state. You can use device groups and compliance profiles to detect
Androiddevices with the
MDM controlsactivation type and set compliance rules to take appropriate action, such as notifying the user, untrusting the device, or unmanaging the device.
Follow these steps to manage OS updates on devices with
Create a device group that includes devices that conform to the following parameters:
If a user upgrades a device to the specified OS it automatically becomes part of the device group.
In the compliance profile, specify the enforcement action that is appropriate for your organization. For example, you can notify the user that their activation type is not supported by the device OS and recommend reactivating the device with a different activation type, or you can deactivate the device.