Introducing Managed OS for iOS, iPadOS, and tvOS

Kandji has new Managed OS Library Items for iOS, iPadOS, and tvOS. This expanded operating system support is now available to all customers.

Managed OS enables administrators to automate operating system updates, even major OS upgrades. That makes it a critical tool for keeping device fleets secure. It also gives users a transparent update experience, so they know exactly what is happening on their devices. 

The addition of Managed OS Library Items for iOS, iPadOS, and tvOS gives Apple admins a simple way to enforce updates to those operating systems. Instead of relying on users to update their devices, or manually sending commands to devices when you want to update them, you add the appropriate Managed OS Library Item to the Blueprint those devices are assigned to. Kandji will then take care of the rest.

Enforcing Operating System Updates

There are two ways to enforce Managed OS updates:

Automatically enforce new updates: You can enforce updates as they are released by Apple, with deadlines for users to comply ranging from 1 week all the way out to 3 months. The update will automatically download and be cached on the user's device a few days prior to the enforcement deadline. (If they choose to update the device before the deadline, that cache will make the process more efficient.) Upon reaching the deadline, users will be prompted to update, ensuring they are compliant with your company policy.

Manually enforce a minimum version: This option is useful if you want to make sure your devices are running a specific version of an operating system (at a minimum). For example, if you set your minimum version to iOS 15.6.1, only devices that are running versions of iOS earlier than 15.6.1 will be required to update to the latest version available from Apple. This can be helpful when you want to level up your fleet, but also to ensure that newly enrolled devices are at that minimum level no matter what version came preinstalled on them.

Scheduling Operating System Updates

Since these updates require a restart, we’ve also enabled you to select a time of day and time zone for enforcement, so that you can minimize the impact on user productivity.

For devices that have a passcode, iOS and iPadOS require the user to enter it for any OS update to proceed. At the defined enforcement time, the user will be prompted to install the update. On iOS 15 or later, they can defer this Managed OS prompt up to three times or proceed right away. 

OS updates can already be deferred for up to 90 days using the Restrictions Library Item. This ensures you have time to approve updates in your environment before they are offered to your users by their devices. But, if a user has disabled auto-updates in the Settings app, they will not see these updates. This is where Managed OS can help: Kandji will prompt the user for OS updates, whether they have auto-updates enabled or not. These prompts cannot be dismissed indefinitely; again, after three such dismissals, the user must update.

Knowing the update status of the devices in your fleet is just as important as actually doing the updating. In addition to letting you manage the update cadence, each Managed OS Library Item also provides easy visual indicators to show you the update status for the devices you’re managing.

For more on how Managed OS for iOS, iPadOS, and tvOS, check out our video:

For more details on how to configure Managed OS for iOS, iPadOS, and tvOS, see our support article. 

Note: This post was updated 11/30/22 to indicate that Managed OS for iOS, iPadOS, and tvOS had emerged from the preview stage of release to general availability. For more on Kandji's release stages, see our support article.