Prevent users from installing iOS beta software in VMware Workspace ONE UEM by AirWatch

While researching options to delay iOS updates from being installed on users’ devices once iOS 12.3 is released, I noticed a number of devices already had iOS 12.3 installed, which had not been released at the time of this writing.

Curious, I dug deeper and, thanks to the VMware community, I learned that Apple users can download and install beta software on their devices pretty easily by participating in the Apple Beta Software Program.

While this is perfectly fine for Apple enthusiasts or for those who wish to get a head start on testing prior to the actual release, in my opinion, this is a big no-no on devices used for day-to-day functions. If any issue arises, there’s no official support from any vendor, and you may end up losing everything by restoring your device to the original supported version.

I also learned through the VMware community that a new profile is installed onto the device as part of the beta install.

However, I noticed that only corporate-owned devices show the additional profile in Details View, not employee-owned devices. This can be changed under GROUPS & SETTINGS -> All Settings -> Devices & Users -> General -> Privacy.

[Screenshot: Groups & Settings, All Settings]

To prevent users from installing this or other profiles manually, it’s as easy as unchecking the box below within the restriction payload. It does, however, require that the device be supervised before this setting will take effect.

[Screenshot: iOS123-4.png]

Surprisingly though, VMware support mentions that even with this option turned off, the user can still download the .ipsw file and install it via iTunes (assuming the version is still signed by Apple). To prevent this on a supervised device enrolled with a DEP profile blocking device pairing, you can also turn on the option below.

[Screenshot: iOS123-5.png]

As a reminder, you can delay the iOS update on any supervised device for up to 90 days from when it is released to the public. Check out my blog titled Managing iOS update with Workspace ONE UEM for further details.
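To check an exported restrictions profile for the manual profile installation setting and the update delay discussed above, here is an added example (not part of the original post and not VMware's code). It assumes the console options map to Apple's Restrictions payload keys `allowUIConfigurationProfileInstallation`, `forceDelayedSoftwareUpdates` and `enforcedSoftwareUpdateDelay`, which the post does not name; the sample profile is constructed.

```python
import plistlib

MAX_DELAY_DAYS = 90  # upper bound stated in the post

# Constructed sample profile with two deliberate weaknesses.
# Key names are Apple's Restrictions payload keys (assumed mapping, see lead-in).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.constructed.restrictions",
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "allowUIConfigurationProfileInstallation": True,  # manual installs allowed
        "forceDelayedSoftwareUpdates": True,
        "enforcedSoftwareUpdateDelay": 120,                # beyond the 90-day limit
    }],
})


def audit_restrictions(profile_bytes):
    """Return findings for the restriction settings described in the post."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.applicationaccess"]
    if not payloads:
        return ["no restrictions payload present"]
    findings = []
    for p in payloads:
        # An absent key means the OS default applies, which allows manual installs.
        if p.get("allowUIConfigurationProfileInstallation", True):
            findings.append("manual profile installation is allowed")
        if not p.get("forceDelayedSoftwareUpdates", False):
            findings.append("software update delay is not enforced")
        else:
            # Apple's documented default delay is 30 days when the key is omitted.
            delay = p.get("enforcedSoftwareUpdateDelay", 30)
            if not 1 <= delay <= MAX_DELAY_DAYS:
                findings.append(
                    f"update delay {delay} outside 1-{MAX_DELAY_DAYS} days")
    return findings


if __name__ == "__main__":
    for finding in audit_restrictions(SAMPLE_PROFILE):
        print("FINDING:", finding)
```

Both restrictions only take effect on supervised devices, so a clean result here still needs to be paired with a supervision check in the console.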
