Category filter
How to enforce OS updates on your managed devices?
Enforcing OS updates ensures device security, regulatory compliance, and system efficiency by remotely deploying the latest firmware patches across Android, iOS, macOS, and tvOS platforms.
Importance of OS Update Enforcement
Timely updates mitigate security risks like malware, prevent data breaches, and ensure compatibility with modern software while maintaining optimal system performance and employee productivity.
- Security Risk Mitigation: Postponing updates increases susceptibility to malware and cyber-attacks.
- Performance Optimization: Outdated systems often experience increased latency and reduced operational efficiency.
- Software Compatibility: Modern applications may fail to function correctly on outdated operating systems.
- Regulatory Compliance: Deployment ensures adherence to industry standards and avoids corporate compliance risks.
Platform Compatibility and Prerequisites
Successful deployment requires specific enrollment states and system configurations tailored to Android, Apple, and TV platforms to ensure seamless over-the-air installation.
Device Support Requirements
| Platform | Required Version/Condition |
|---|---|
| Android | Version 5.0+; Custom ROM configured; Hexnode System Agent app in /system/priv-app directory; signed by OEM. |
| iOS | Supervised devices running 10.3 or above (or DEP-enrolled for lower versions). |
| macOS | Supervised macOS devices. |
| tvOS | Apple TV running tvOS 12 or above. |
General Prerequisites
- Battery Life: Ensure the device is sufficiently charged before initiation.
- Storage Space: Verify the device has adequate available storage for the update package.
Step-by-Step OS Deployment Guide
Administrators can trigger OS updates globally or per device through the Hexnode UEM console’s management tab by selecting the “Update OS” remote action.
- Navigate to the Manage tab in the Hexnode portal.
- Select target entities (individual Devices, Users, Device Groups, User Groups, or Directory Services).
- Navigate to Actions > Updates > Update OS.
- Configure the deployment based on the target platform as detailed below.
Android Configuration Details
Android updates require a specific firmware URL and MD5 file hash to verify data integrity and ensure the package is bootable via ADB sideload.
- Update file URL: Provide the direct link to the update ZIP file.
- File hash: Enter the MD5 hash of the ZIP file to serve as a checksum for data integrity.
Installation Mode:
- Automatically install the update: Executes the update without user intervention.
- Prompt user to install the update: Allows the user to trigger the installation manually.
Ensure the firmware package is bootable via Android Debug Bridge (ADB) sideload to prevent device bricking.
Apple (iOS, macOS, tvOS) Configuration Details
Apple devices support two deployment modes—Download Only or Download and Install—with specialized options to bypass passcodes on iOS for forced installations.
- Download Only: Downloads the update to the device storage only.
- Download and Install: Downloads and immediately executes the installation over the air.
- Clear Passcode to Force Update Installation (iOS only): Bypasses the user password requirement on protected devices to approve the update.
Troubleshooting Guides
| Problem | Potential Root Cause | Resolution |
|---|---|---|
| Update stalls on iOS | Device is passcode-protected and requires user approval. | Enable the Clear Passcode to Force Update Installation option during deployment. |
| Potential “Bricking” on Android | Firmware package is not compatible with ADB sideloading. | Validate that the package is bootable via ADB sideload before uploading the URL. |
| Action fails to initiate | Insufficient power or storage. | Verify the device has a high charge percentage and enough storage to accommodate the update file. |
Frequently Asked Questions (FAQs)
What hashing algorithm does Hexnode support for Android updates?
Hexnode supports the MD5 hash, which reduces the file to a fixed-length string to verify data integrity through a checksum.
What happens to the iOS passcode if it is cleared to force an update?
On selecting the Clear Passcode to Force Update Installation option, the device will remain passcode unprotected after the update until the user manually sets a new one.
Can updates be deployed to non-supervised Apple devices?
Updates can be deployed to supervised devices (iOS 10.3+) or devices enrolled through the Automated Device Enrollment Program (ADE) for lower iOS versions.
