Google is starting to force everyone down the Android Enterprise route in order to increase the distribution of GMS and also to reduce the Android version fragmentation that Apple always calls them out for. As a result, I am not sure they will provide an official AE management API for blocking OS Upgrades that EMMs like SOTI could expose as a configurable Feature Control. I could be wrong about this of course, but I think you're only options might be to use either an OEM specific Management API like a Zebra MX profile or a "Dirty config" (a Raymond Chan term) of blocking the access to the Android upgrade servers at the network level. You could disable USB and SD card access through the Feature Control so it would limit the other methods for applying an OS Upgrade as well. 

Thanks for the information.  We also have access to the Blackberry UEM and I confirmed there is no such option on there for AE, either.  

As you said, there are a few dirtier options to manage updates that I will have to explore.

Thanks for the response.

Hey Sean,

If you refer to the online help (Script Command Reference Guide) at this link, about half way down the page you'll see the set_system_update_policy script command. This only works with Android Enterprise Work Managed Devices. 

We have yet to create a policy as Google has made some changes to how this will work as of Android P.

Just a note here as well this script expires 30 days after it hits the device. Devices will revert to their standard Automatic Update settings at that time.

Hi Hafeez,

I am aware of that documented command for over a year, but have no AFW device with available firmware update to test out the various options of this command.  Have you seen it in action on any real device(s) before?

Also,  there is conflict between the syntax description and the example script in the document.  To postpone update for 30 days, should it be

  set_system_update_policy3

OR

  set_system_update_policy  3     

?

Hey Raymond, 

You're correct there is a spacing issue in the document, I'll have that corrected.

The correct syntax is: set_system_update_policy <policy type> [start time] [end time]

Example: set_system_update_policy 2 180 360

We have seen this work on many devices, the tricky part is the 30 day expiry.

As mentioned we're looking at how to better support this feature.

I just tried this script on a Samsung Galaxy s9 running Android 8.0 and get the error "Script command is not supported by device (set_system_update_policy)", FYI.

Sean, 

Is the device provisioned as a Work Managed Device or a Work Profile device.

If this is a Work Managed Device, your next steps will have to be to call in to SOTI Support as this may be caused by multiple things.

My suspicion is you're using an older AE agent but our Support Staff will be able to get you all sorted out.

I tried it on a Zebra TC51 and a Samsung SM-T380 tablet both running N in a Managed Device AE enrollment on MobiControl 14.1.3 and the script did not throw back any errors. I'm not sure where you can actually validate that the setting was applied correctly however. 

It's a Work Managed Device.  I've sent the information to Soti support to see if we can get the script running on this device (or another way of blocking OS updates).

Do you know anything more about this?

Hello Gaspar,

Have you been able to try the script command (set_system_update_policy) which has been posted above? Please note that this will only work on a Work Managed Device and not a Work Profile device which you can verify by selecting the device in your web console, the information will be under device details in MC version 14+ or under hardware details in MC version 13.XX. 

If you are still unsure of where to check this or are still having issues applying the update policy script to the device it maybe a good idea to contact support so we can verify your device compatibility and assist you in sending the update script.