iOS Update Best Practices

Not applicable

Hello all, I’ve been managing mobile devices for several years now but only recently (~6 months) moved to Jamf for enterprise wide management. Our device pool currently sits at just over 3,000 iPads, spread over multiple buildings with 2-3x more devices being added soon.

Having prior MDM experience I’ve taken to Jamf well, but there are a few things that are still being tweaked. Like iOS system updates. Like many orgs, we haves config profile requiring passcodes for security. Our devices are on Wi-Fi during the day, and toggle between Wi-Fi and Cellular data in the evening.

Our current workflow works-ish, but I’m looking to change it up for better results in upgrading to iPadOS 13. Any suggestions/advice (preferably based on best practices) would be stellar!

Current upgrade workflow:

•Using test devices, manually perform the update so that Apple cache servers can cache the update per network segment.
•Scope devices based by site and issue passcode reset command.
•Wait 15 mins, then issue update OS command to download and automatically install update.

Thank you!


Contributor III

What are the results you're seeing? You say it works-ish and you want better results, but what's actually happening in your environment. I ask because I struggle with iOS updates as well, finding that I need to clear the passcode, have the device plugged in to power, and the lid to the case open in order for it to even have a snowball's chance in hell. It has gotten worse over the years and I know this isn't the first time I've made a comment to that effect on this forum, so I'd check to see if this isn't sort of a duplicate (it happens). But I am curious how it's going for others that have gone or are going from iOS to iPadOS, so figured I'd comment to bump this back into the feed :)


Currently in the middle of trying to update 14k iPads to iOS 13 here. It has been a week and only about 1700 have checked in with iOS 13 on them. I am pulling my hair out. It is as if the iPads don't even bother getting the commands, or just straight ignore the update one. I am starting to think the easiest way is to separate out the update restriction and just unscope it from the devices I want updated. Then have the users just update with Apples prompts.

Not applicable

To clarify my situation, the updating commands work on some devices flawlessly. Pushing the download and update command effectively has the device downloading the update from our cache servers within minutes and beginning the update process, which completes some 15 mins later.

Other devices, struggle to complete the download or hang during the processing of the update but before the device reboots. They’ll display “Estimating time remaining...” in the Software Update window but stay that way for hours/days without change.

I’ve figured out that the passcodes obviously were a problem since it requires users to authorize the update before installing. Power is a big deal, iPads won’t update unless they’ve got at least 50% power on battery or 20% when connected to a power source.

With those issues overcome, another hanging point is that our devices are LTE+Wi-Fi. I’m not sure if that’s a major obstacle per se, but switching between the 2 signals could be problematic if Apple applies its download restrictions to files over 500MB over cellular.

Beyond that, it’s been pretty smooth as of late with 2/3 of the deployment completed in less time than the initial 1/3 took. But it has been a learning curve.

I feel if the devices were open/not secured, it would be much easier but alas the user can still thwart some of the admin commands unlike the desktop side of things which make for managing macOS a breeze.

I’m open to hearing other admin’s tales to better learn for future deployments. Cheers!