Product Documentation

Control OS Updates device policy

The Control OS Updates device policy lets you deploy:

  • The latest OS updates to supervised iOS devices.

    For devices running iOS 10.3 and later, the Control OS Updates policy works on supervised devices. For devices running a version earlier than iOS 10.3, the Control OS Updates policy works on devices that are both supervised and DEP-enrolled.

  • The latest OS and app updates to DEP-enrolled macOS devices running macOS 10.11.5 and later.

  • The latest OS updates to supervised Samsung SAFE devices.

    For Samsung SAFE devices, XenMobile sends the Control OS Updates policy to Secure Hub, which then applies the policy to the device. The Manage > Devices page shows when XenMobile Server sends the policy and when the device receives the policy.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

iOS settings

Image of Device Policies configuration screen

  • OS update options: Both of the options download the latest OS updates to supervised devices according to the OS update frequency. The device prompts users to install updates. The prompt is visible after the user unlocks the device.
  • OS update frequency: Determines how frequently XenMobile checks and updates the device OS. The default is 7 days.

macOS settings

Image of Device Policies configuration screen

  • OS update options: Both of the options download the latest macOS updates according to the OS update frequency. You can choose to install the updates or notify the user through the App Store that updates are available.
  • OS update frequency: Determines how frequently XenMobile checks and updates the device OS. The default is 7 days.

Get status for iOS and macOS update actions

For iOS and macOS, XenMobile doesn’t deploy the Control OS Updates policy to devices. Instead, XenMobile uses the policy to send these MDM commands to devices:

  • Schedule OS Update Scan: Requests that the device performs a background scan for OS updates. (optional for iOS)
  • Available OS Updates: Queries the device for a list of available OS updates.
  • Schedule OS Update: Requests that the device performs macOS updates, app updates, or both. Thus, the device OS determines when it should download or install the OS and app updates.

The Manage > Devices > Device details (General) page shows the status of scheduled and available OS update scans, and scheduled macOS and app updates.

Image of Device details screen

For more details about the status of update actions, go to the Manage > Devices > Device details (Delivery Groups) page.

Image of Device details screen

For details such as available OS updates and the last installation attempt, go to the Manage > Devices > Device details (Properties) page.

Image of Device details screen

Image of Device details screen

Samsung SAFE settings

Samsung Enterprise FOTA, also referred to as E-FOTA, lets you determine when devices get updated and the firmware version to use. To use E-FOTA:

  1. Create a Samsung MDM License Key device policy with the keys and license information you received from Samsung. For more information, see Samsung MDM license key device policy.
  2. Create a Control OS Updates device policy to enable Enterprise FOTA.

    Image of Device Policies configuration screen

    • Enable Enterprise FOTA: Set to On.
    • Enterprise FOTA License Key: Select the Samsung MDM License Key device policy name.

Control OS Updates device policy