On Tuesday, January 26, 2021, Apple released iOS and iPadOS 14.4. As with previous releases, each new OS update is available to all Apple devices capable of running iOS and iPadOS 14.

If you’re an IT admin, you should evaluate how you want to approach the latest release. Do you want to accelerate or slow down the updates? One concern we often hear about is that the apps that a company is deploying may not be compatible or may not have been tested with the latest release.

Alternately, you may wish to accelerate the rollout so users can benefit from the new features or security updates. In either case, if you are managing your devices with MobileIron UEM, you have many options. Let’s look at three best-practice steps for rolling out software updates.

Step 1

Tell your users what to expect. This may seem mundane, but sometimes overlooked. When a new OS update becomes available, users are often prompted by the device to update. Providing guidance for users is often the first step. One way to keep employees informed is through push notifications to the MobileIron app on the device. This is often more effective than sending an email because you can target users that are actively using their devices.

Step 2

Consider deploying configurations that accelerate or delay software updates. This only applies to supervised devices (typically those institutionally owned.) Admins can force software updates or defer them for up to 90 days. These configurations can also be distributed to select device groups. For instance, some higher-risk devices might warrant forced updates, while other devices might prioritize business continuity and choose to defer updates.

screenshot: software update settings

Step 3

Enforce that resources such as data, apps that access company data, and enterprise services are only accessible from compliant devices. Even before a device is enrolled and is given access to company resources, you can decide that only desired OS versions can be enrolled.

For devices that are already managed, MobileIron’s compliance engine can evaluate thousands of attributes—including the current OS version—and can specify device actions such as notifying the IT staff of a posture violation. Additional options include: 1) blocking a device from accessing company resources that sit behind the firewall; and 2) restricting access to common cloud services like Office 365 or Salesforce using MobileIron ZSO. Admins taking a more stringent approach may decide to implement a quarantine that removes data, apps, and configurations from the device until it comes back into compliance—for example when the end user updates to the latest version of iOS or iPadOS.

Using these three steps, IT admins have the tools needed to actively manage new OS versions across the organization.

For existing MobileIron Core customers, we’ll be updating the Device and Platform Updates (DPU) on January 29, 2021. You can find more details in MobileIron’s support portal.