OS Update Policy

The OS update policy allows you to manage system updates for Android, macOS, and iOS/iPadOS devices. You can configure to install OS updates automatically or during a maintenance window. This allows you to install system updates without user interaction.

Before you begin

Prerequisite for the iOS/iPadOS devices to support OS update:
  • On iOS 10.3 and later, supported Software Update commands require supervision but not DEP enrollment. That means the device could either be OTA enrolled or DEP enrolled. If there is a passcode on the device, a user must enter it to start a software update. ​
  • Prior to iOS 10.3, the supervised devices need to be DEP-enrolled and have no passcode​.
  • Updates will not be installed if the battery level falls below 50% unless plugged in.

About this task

Creating an OS update policy

To create an OS update policy, perform the following steps:

Procedure

  1. Log in to BigFix WebUI.
  2. Go to Apps > MCM.
  3. Click Create Policy on the top right corner.
  4. From the list of policy types, select OS Update Policy. The OS Update Policy page appears.

  5. Under the General Settings section, enter the OS update policy name and description.
  6. Select the Operating System.
  7. From the Assign Policy to Site dropdown, select the desired site.
  8. Configure the OS specific settings.
    Android System Update
    This section appears when you have selected Android as the operating system. This functionality is available only for fully-managed or dedicated devices, and are running Android version 10 or later. Select the required Update Type.
    • Automatic: Installs system updates (without user interaction) once they become available. Setting this policy type immediately installs any pending updates that might be postponed or waiting for a maintenance window.
    • Windowed: Installs system updates during a daily maintenance window (without user interaction). Set the start time and end time of the daily maintenance window to create a windowed policy.
    • Postponed: Postpones the installation of system updates for 30 days. After the 30-day period, the system prompts the device user to install the update.
    iOS/iPadOS System Update
    This section appears when you have selected iOS/iPadOS as the operating system. For iOS/iPadOS, system updates can only be performed on supervised devices. An open action is created when deploying this policy that will periodically perform the selected update type.
    • Version: This lists available versions found in the environment for updating to specific versions, or can chose "Latest" to update to latest regardless of version.
    • Update Type:
      • Download and Install: Downloads or installs the system update depending on state of device. Two applications of the policy action will be required for the update to be installed.
      • Download Only: Download the software update without installing it.
      • Install Only: : Installs a downloaded update.
        Note: : If no passcode is set on the device, the device restarts without prompting end user when performing an install. If passcode is set, device user is prompted to install the update; user also can decline.
    • Apply Frequency (Days): Select an option from the dropdown to set the frequency in which you want to run the system updates.
    macOS
    These sections appear when you have selected macOS as the operating system.
    • General macOS System Update Settings: Configure the macOS software update settings and specify whether Mac automatically checks for and downloads new updates.
    • macOS Delay Update Settings: Configure the settings as needed to delay the appearance of new system software updates on supervised devices for a maximum of 90 days. This feature enables organizations to test critical applications and infrastructure with the new update before deploying it.
  9. Click Save.

Results

The OS update policy is created and can be added to a policy group to deploy onto Android, iOS/iPadOS, and macOS devices as applicable.