September 21, 2015
Posted by on
So you’ve got a whole bunch of iPads out in the field hosting various applications and iOS9 comes out; one of the application vendors tells you his application isn’t quite ready for the latest OS and that you should hold off on updating your fleet. Problem – If you look for an option to disable iOS updates in your MDM suite you won’t find it, this is not a limitation of your MDM provider but more a control that Apple hasn’t provided to them. So if you ask your MDM vendor they will probably say it’s not possible, and as far as I can tell this is indeed the case. I’m going to keep looking but for now the best we can do is suppress the notifications that pop up advertising to all and sundry that a new version is available, but even this is not an out-of-the-box setting so I’m going to explain how it’s handled in AirWatch.
- Create a new iOS profile and in the General section endure that the Assignment Type is Auto using your All Corporate Devices (or similar) Smart group.
- Select the Content Filter payload
- Select Built-in: Deny Websites
- In Blacklisted URLs enter http://mesu.apple.com (Don’t be tempted to use any * here as is common with proxy exceptions as AirWatch doesn’t seem to recognise them and it breaks the string)
- Note that the requirement is iOS 7+Supervised for this to work, so have a read about DEP if your aren’t sure if you are able to meet this requirement.
- Click Save & Publish
Now there’s nothing to stop users navigating through the menus to check to see if there is an iOS update, finding one and proceeding to download and update it themselves, so this is about as good as it gets for now. According to the comments this short article it is possible to use applednld.apple.com via a proxy server (although I think it should be appldnld.apple.com – note no ‘e’ on apple) to disable access to the download location but I didn’t have any joy with this. If I ever get any further with this issue I’ll post an update with the final solution.