Skip Navigation

Managing OS updates on devices with
MDM controls

You can't control when software releases are installed on devices with
MDM controls
activations; however, you can use compliance profiles to help manage devices that users have updated to an OS version that your organization doesn't allow. For example,
10 and later devices do not support
MDM controls
activations. If users with
9.x devices upgrade to
10, some device management features will no longer work, leaving the device in a compromised state. You can use device groups and compliance profiles to detect
devices with the
MDM controls
activation type and set compliance rules to take appropriate action, such as notifying the user, untrusting the device, or unmanaging the device.
Follow these steps to manage OS updates on devices with
MDM controls
Step 1
Create a device group that includes devices that conform to the following parameters:
  • MDM controls
    activation type
  • Device OS version that you want to restrict
If a user upgrades a device to the specified OS it automatically becomes part of the device group.
Step 2
Create a compliance profile and specify the device OS version as a restricted OS version.
Step 3
In the compliance profile, specify the enforcement action that is appropriate for your organization. For example, you can notify the user that their activation type is not supported by the device OS and recommend reactivating the device with a different activation type, or you can deactivate the device.
Step 4
Step 5
Optionally, create an event notification to inform administrators when a device is out of compliance with the compliance profile.