DDS - iOS Patching

iOS Patching Process for DDS Managed Devices

Mobile device security has never been a more critical need, as our mobile devices including iPhones and iPads face a growing threat from malware and malicious exploits. Unlike comparable desktop operating systems, Apple releases security patches only for the most recent version of iOS. In preparation for the planned release of Apple’s newest version of iOS this coming fall, OIT Dedicated Desktop Support (DDS) has developed a new user notification and update process to keep DDS-managed iOS devices secure. Beginning on August 8 2019, DDS will now cause Apple iOS security updates to install automatically on DDS-managed devices on a planned schedule.

Self Service Notifications - Action Required

Since iOS security updates always require a reboot of the device, DDS will send advance notice to users of DDS-managed iOS devices to announce a pending reboot. We recommend that DDS users open Self Service for the first time and choose “Allow” so that they do not miss these critical reboot notifications.

If you have previously disabled notification for this app, go to Settings > Notifications > Self Service and allow notifications for the app there.

Update and Notification Process

For users who have enabled Self Service, the iOS patching process will follow this planned testing and notification timeline:

  1. Whenever Apple releases new iOS security updates, DDS will test the update in its software testing group, usually for the remainder of the business week after release.
  2. After DDS approval of an iOS update (usually by the Friday of the same business week) DDS will issue a notification to users of managed devices via the Self Service application informing them that an update is available and when their device will reboot after a specific date. Here are examples of the notifications and of the full text in the Self Service app:
    Screenshot of example warning notification with text "Your device will reboot after 4:00 PM MDT on August 1st to Install Updates"
    Screenshot of example warning in app with text "Your device will reboot after 4:00 PM MDT on August 1st to Install Updates"
  3. After a multi-day grace period, usually after 4:00 PM MDT on the following Thursday, DDS will instruct any managed devices not yet running the latest version to automatically update and reboot. Any affected devices will reboot soon after.

Updating Proactively

Users also have the opportunity to install the update and reboot proactively on their own time-table, during the interim between when Apple releases an update and DDS pushes the update to devices.

If an iOS software update is available but not yet installed, by default a badge icon on the Settings app will notify users of this, which users can install by going to Settings > General > Software Update:

More Information and Support

For any questions about this process or iOS management in general, DDS users can reach out to their support team by submitting a request on the DDS portal (https://desktopsupport.colorado.edu)