Skip to main content
Jamf Nation, hosted by Jamf, is a dynamic and knowledgeable community of Apple-focused IT admins and Jamf Pro users. Join us in person, in October, for the annual Jamf Nation User Conference (JNUC) to discover new and better ways to manage Apple devices.

Block IOS updates through iOS restrictions

I was thinking for 1:1 deployments to manage the updates if there could a specific preset under Mobile Devices-Configuration profile-Content Filter -Filter type to specifically block the IOS update servers


Posted: 1/13/16 at 10:54 AM by gbeidleman

Yes and/or... a toggle button under: Restrictions > Functionality
that gives us a 1 step "Allow iOS updates" option similar to turning the App Store on or off.

Reason needed:
As Apple continues to push out IOS updates, we need an easy way to prevent students/staff from updating their devices to avoid that update from breaking the JSS/Self Service.

CCT Badge CCA Badge JAMFBadge

Posted: 1/27/16 at 11:04 AM by timwillmore

Yes, yes, yes! @gbeidleman You have the right idea on where to implement the restriction! If I could vote for this more than once, I would.


Posted: 1/28/16 at 9:38 AM by gbeidleman

Please spread the word!!! @timwillmore :)


Posted: 9/9/16 at 4:30 AM by BadinChuck

This is imperative and shouldn't be considered a 'feature'. If Apple continues to ignore the legitimacy of true roll backs of an iOS update (allowing IT to roll back to the last iOS version within a week or two of the most current update doesn't offer a true option in the real world) then preventing an update in the first place must must be available.

Any OS update should first be put through it's paces in a non production test environment. The final release is all that matters. BETA testing future updates is not the answer in a production environment.

While many people dislike MS, at least their OS and software products offer the aforementioned options.


CCT Badge

Posted: 9/9/16 at 3:32 PM by dmillertds

Unbelievable this doesn't exist, really. I second your MS comment. Love 'em or hate 'em, at least their management concepts match reality and WORK!

Upvote and upvote often.


Posted: 9/13/16 at 12:17 PM by nhennig

Yeah, I tried what OP was suggesting. I added the configuration profile to blacklist the two update URLs. It did not work. All my student iPads can see and install the iOS 10 update. I even have them blocked in our lightspeed filter. No luck.

This is how I attempted to do it through Lightspeed:


Posted: 9/16/16 at 10:05 AM by dosman1

I vote yes for the implementation of the restriction! Thanks!


Posted: 10/25/16 at 2:35 PM by bvondeylen

It would also be advantageous for the fact that when an iOS update is released, the servers get bogged down and everything becomes slow. If we could incrementally deploy the iOS updates when the servers are better, a little at a time, it would benefit our networks as well. We have 2,500 iPads. When an update is released, we do not need 2,500 iPads updating.

CCT Badge

Posted: 10/25/16 at 7:48 PM by cdenesha

The Content Filter is only used for web browsing so it won't work. You can block with a global proxy file (PAC.js).

CCA Badge CMA Badge

Posted: 10/25/16 at 8:00 PM by mchit

@cdenesha How do we use that a global proxy file (PAC.js) to block it ? Could you please share any link or info ? Thank you. :)

CCT Badge

Posted: 10/25/16 at 10:37 PM by cdenesha

@mchit Check out this post!


Posted: 10/26/16 at 9:36 AM by alex.wyatt

I think this qualifies as an "Apple has to allow it first" thing...but I agree 100% that they need to implement it!


Posted: 9/13/17 at 3:08 PM by cindy.murphy

I am hoping this is has been updated and I can block iOS11. Is this possible?

CCT Badge

Posted: 9/19/17 at 5:52 PM by ChicagoGuy1984

I really need to block users from Updating to IOS 11.0 - it breaks our VPP managed apps. Apple really needs to start to try harder. Other than the iPad Pro, I am not impressed with anything they have released in the past 18 months. Hardware and Software!