How to block iOS updates

Headshot of Andrea Pepper, SimpleMDM writer and MacAdmin
Andrea Pepper|Updated December 28, 2023
General IT Article background
General IT Article background

A common query for MacAdmins is this: How can we prevent our devices from updating to the latest version of iOS?

Blocking or delaying a software update is when an administrator intentionally prevents installing the latest software version via automatic download because of potential risks or issues it may pose to the organization's functional digital environment. This can be done by postponing the update until it's been thoroughly tested or disabling automatic updates in the system settings.

Why block software updates?

Organizations often want to vet the latest iOS release before population deployment, verifying that their business-related apps will continue functioning correctly on their devices. By delaying the deployment of the newest version of iOS within their organization, they buy additional time to run these checks before green-lighting the upgrade.

Let's break it down further. Enterprise organizations may want to block the latest iOS updates for any of these reasons:

  • Compatibility: New updates may contain changes incompatible with existing enterprise software or applications and can cause functionality issues. By blocking updates, organizations can first test the compatibility of these updates before rolling them out.

  • Stability: New updates occasionally come with bugs that can lead to system instability. It's often safer for organizations to stick with a slightly older, well-tested version of the system software until any bugs have been identified and fixed.

  • Training and support: Sudden changes in the OS can lead to confusion among employees and might require additional training and increased IT support. By delaying updates, organizations can adequately prepare their teams for any changes.

  • Bandwidth: If an organization has hundreds or even thousands of devices, simultaneous downloading of a significant iOS update can significantly impact network bandwidth (especially during business hours).

  • Control: By managing the deployment of iOS updates, organizations can maintain more control over their tech environment and ensure all changes align with their more extensive IT strategies.

The official method

Starting with iOS 11.3 and macOS 10.13.4, MDM administrators can specify the number of days to delay a software update, with a maximum delay of 90 days (or 3 months). With this option enabled, the device user will see a software update once the specified number of days has passed since the release.

To enable this feature, iOS devices must be in supervised mode.

Other methods to block iOS updates

Before iOS 11.3 and macOS 10.13.4, Apple did not provide a means to block or delay OS software updates, either within iOS or macOS or via MDM. But MacAdmins are a savvy crew. We have seen these standard methodologies used by our customers:

Block the update servers

Blocking communication with the Apple update servers at the company network level may also help prevent updates. By disallowing traffic to the update servers on the company network, devices will be unable to update themselves. 

The pitfall of this methodology is that the device can update itself if it joins a different Wi-Fi network or has a cellular connection.

We are aware of two update servers: 

Unconfirmed, but these may also be update servers:

Apple doesn't publish an official list of all their update servers, and these URLs can change, or additional ones can be used. It's also important to note that these are base URLs and actual update files are generally served from various subdomains. 

Blocking these servers to prevent updates can have unintended side effects, as many of the domains serve content beyond just software updates — such as app updates and system function-related data. Therefore, it's recommended to control software updates through device management policies rather than trying to block Apple's servers.

Ask users to delay updating

Send an announcement to all staff requesting that they hold off from updating their devices. iOS will always prompt users before it begins an update, and a user can prevent the device from updating by denying the prompt. The most effective company announcements generally disclose the concerns of updating early, including the potential incompatibilities with business-related apps. This helps staff understand how an early update may negatively affect them and aligns them with the company's interests.

So yes, this is an option — but as all IT professionals know, human error is preferably avoided whenever possible.

In short, it's a double-edged sword. On the one hand, delaying the release of an iOS update can prevent a situation where users are not able to use apps they depend on due to software incompatibilities. On the other hand, it can leave devices with outdated versions of iOS, which may have publicly known security vulnerabilities, exposing your organization to much more significant risks. No one likes to accumulate tech debt; the safer enterprise option will always be to stay updated, compliant, and continually evolve with technology as far as your budget permits.

One thing to consider when deciding to upgrade or not is what the specific upgrade is for. If it's a minor update — for instance, an update from 9.3.2 to 9.3.5 — it likely contains security fixes. It also is unlikely to have any incompatibilities with existing apps. If the update is a major one —for instance, 9.3.5 to 10.0.1 — there will be a higher risk of finding incompatibilities with apps.

Planning for the future

Ideally, your organization is ready for iOS updates on the day of its release and can avoid having to delay updating altogether. Apple makes the GM (the version slated for public release) of major iOS updates available before the release date, often a week or more in advance, and these versions can be tested by IT beforehand.

While there can be reasons to delay software updates, it's essential to consider the benefits of updates, such as enhanced security, new features, and performance improvements. That's why organizations should always maintain a balanced approach: They admit new updates only after proper testing and compatibility checking but within a prioritized time frame of fewer than 90 days.

SimpleMDM is a mobile device management solution that helps IT teams securely update, monitor, and license Apple devices in minutes while automatically staying on top of Apple updates.

Headshot of Andrea Pepper, SimpleMDM writer and MacAdmin
Andrea Pepper

Andrea Pepper is an Apple SME MacAdmin with a problematic lack of impulse control around a software update prompt. When not poking at machines, Pepper enjoys being a silly goose in sunny Colorado with her two gigantic fluffer pups.

Related articles