Category: Scripting

PowerShell One-liner to find out what iOS updates are available for MDM-managed devices

Apple has continually enhanced their enterprise update paths over the last several years. The most recent change came with iOS 14.5, which allowed MDM administrators to send a custom command that allows organizations to decide whether to stay on an older iOS major version (iOS 14.x) or allow devices to access a newer major version (iOS 15). This custom command has many challenges to its adoption, and the release of iOS 15 on 09/20/2021 was really the first time this could be tested in a production deployment.

Although recommendationCadence is a fascinating subject, the purpose of this quick post is the PowerShell one-liner I identified to pull the information showing when the update was made available to enterprises. Any simple up/down monitor for a webpage could also track this information; I just happened to have a PS terminal open when I wanted to check this.

(Invoke-RestMethod https://gdmf.apple.com/v2/pmv).assetsets.ios

This command will produce a very simple list of what versions are available.

ProductVersion PostingDate ExpirationDate SupportedDevices
-------------- ----------- -------------- ----------------
8.0            2021-09-20  2021-12-19     {Watch3,1, Watch3,2, Watch3,3, Watch…
15.0           2021-09-20  2021-12-19     {AppleTV11,1, AppleTV5,3, AppleTV6,2…
5.3.9          2021-09-13  2021-12-19     {Watch3,1, Watch3,2, Watch3,3, Watch…
7.6.2          2021-09-13  2021-12-19     {Watch3,1, Watch3,2, Watch3,3, Watch…
14.8           2021-09-13  2021-12-19     {iPad11,1, iPad11,2, iPad11,3, iPad1…
7.6.1          2021-07-29  2021-12-12     {Watch3,1, Watch3,2, Watch3,3, Watch…
14.7.1         2021-07-26  2021-12-19     {iPad11,1, iPad11,2, iPad11,3, iPad1…
14.7           2021-07-21  2021-10-24     {iPad11,1, iPad11,2, iPad11,3, iPad1…
14.7           2021-07-19  2021-12-19     {AppleTV11,1, AppleTV5,3, AppleTV6,2…
7.6            2021-07-19  2021-10-27     {Watch3,1, Watch3,2, Watch3,3, Watch…
14.7           2021-07-19  2021-10-24     {iPhone10,1, iPhone10,2, iPhone10,3,…
12.5.4         2021-06-21  2021-12-19     {iPad4,1, iPad4,2, iPad4,3, iPad4,4…}
14.6           2021-06-21  2021-10-19     {iPad11,1, iPad11,2, iPad11,3, iPad1…
14.6           2021-06-21  2021-10-17     {iPhone10,1, iPhone10,2, iPhone10,3,…
5.3.9          2021-05-24  2021-12-19     {Watch2,3, Watch2,4, Watch2,6, Watch…
6.3            2021-05-24  2021-12-19     {Watch2,3, Watch2,4, Watch2,6, Watch…
7.5            2021-05-24  2021-10-17     {Watch3,1, Watch3,2, Watch3,3, Watch…
14.6           2021-05-24  2021-10-17     {AppleTV11,1, AppleTV5,3, AppleTV6,2…

 

The server gdmf.apple.com is the resource provided by Apple to dictate which iOS versions are available. Since this site only provides a JSON-formatted list, it’s very easy to use Invoke-RestMethod to grab the relevant data.
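Building on the one-liner, the following added example (not part of the original post) compares a device inventory against the feed to show which devices are behind the newest update currently offered for their model. The JSON sample and the inventory are constructed, and the function names Get-AvailableUpdate and ConvertTo-OsVersion are hypothetical.

```powershell
# Added example. $sampleJson is constructed data in the shape of the feed;
# for live data use: $feed = Invoke-RestMethod https://gdmf.apple.com/v2/pmv
$sampleJson = @'
{ "AssetSets": { "iOS": [
  { "ProductVersion": "15.0", "PostingDate": "2021-09-20", "ExpirationDate": "2021-12-19",
    "SupportedDevices": ["iPhone10,1", "iPad11,1"] },
  { "ProductVersion": "14.8", "PostingDate": "2021-09-13", "ExpirationDate": "2021-12-19",
    "SupportedDevices": ["iPhone10,1", "iPad11,1"] },
  { "ProductVersion": "14.7", "PostingDate": "2021-07-19", "ExpirationDate": "2021-10-24",
    "SupportedDevices": ["iPhone10,1"] }
] } }
'@
$feed = $sampleJson | ConvertFrom-Json

function ConvertTo-OsVersion ([string] $Text) {
    # [version] needs at least major.minor, so pad a bare major number.
    if ($Text -notmatch '\.') { $Text = "$Text.0" }
    [version] $Text
}

function Get-AvailableUpdate {
    param([object[]] $AssetSet, [string] $Model, [datetime] $AsOf = (Get-Date))
    # Entries for this model that are posted and not yet expired, newest first.
    $AssetSet |
        Where-Object { $_.SupportedDevices -contains $Model } |
        Where-Object { [datetime] $_.PostingDate -le $AsOf } |
        Where-Object { -not $_.ExpirationDate -or [datetime] $_.ExpirationDate -ge $AsOf } |
        Sort-Object -Property { ConvertTo-OsVersion $_.ProductVersion } -Descending
}

# Constructed inventory; in practice this would come from an MDM export.
$inventory = @(
    [pscustomobject]@{ Name = 'demo-iphone-01'; Model = 'iPhone10,1'; OSVersion = '14.7' }
    [pscustomobject]@{ Name = 'demo-ipad-01';   Model = 'iPad11,1';   OSVersion = '15.0' }
)
$asOf = [datetime] '2021-09-21'   # fixed date so the sample is reproducible

$inventory | ForEach-Object {
    $latest = Get-AvailableUpdate $feed.AssetSets.iOS $_.Model $asOf | Select-Object -First 1
    [pscustomobject]@{
        Name      = $_.Name
        Installed = $_.OSVersion
        Latest    = $latest.ProductVersion
        # A model with no matching feed entry is reported as not behind.
        Behind    = ($null -ne $latest) -and
                    ((ConvertTo-OsVersion $_.OSVersion) -lt (ConvertTo-OsVersion $latest.ProductVersion))
    }
}
```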

 

VMworld 2021

I am floored that I will be presenting an on-demand session at VMworld 2021. This is an incredible honor and I am very encouraged that I have something to offer the wider mobility world.

 

Device as a Service – Taking Modern Management Beyond Windows [EUS1928]

Managing Device-as-a-Service requires approaching the WS1 console OG design with an eye towards maximizing automation and leveraging the API as much as possible. This presentation will explore lessons learned when designing Workspace ONE from a notable Device-as-a-Service deployment. Successfully deploying 600,000 iOS devices and 100,000 Windows laptops using Modern Management approaches was enabled through up-front time working with VMware PSO, the customer, and maximizing available automations. An introduction to Device-as-a-Service will be provided by Jack Nichols, the Chief Technology Officer of CDWG.

Brian Deyo, Senior Consultant, VMware

Topic: Embrace Unified Endpoint Management
Track: End User Services
Primary Product: VMware Workspace ONE
Primary Audience: Platform/System Architect
Session Type: Breakout Session
Level: Technical 200
Pass Type: General and Tech+ Passes

I may not test often, but when I do it's in production

The thrill of testing in production

if ($testing_in_production == true) {
    RTFM();
}
else {
    $Move=fast;
    $Break=Shit;
}

 

I’ve been spending a lot of time hopefully making something better for a customer. They recently had an auditor come in and tell them they were doing the most basic layers of security (i.e. Antivirus) all wrong and it needed to be redone. And the organization was given a deadline about a month away for 40 PCs and a dozen servers.

This is not a significant issue except the 13-hour timezone difference makes anything that gets messed up a little more precarious to go fix. My first real sysadmin job allowed me the luxury of driving across town if I broke something.

In all cases I’m lucky that I have experience deploying the tools in a much larger environment. That environment was also under pressure. They had just been pwn’d and didn’t really know it until I stumbled across that. Really didn’t know what I was dealing with… at that time in 2008 I really had no clue what real information security was about. I learned quickly.

What I have also learned through many years of work, is that if you’re going to have to test in production, I recommend that you take a deep breath, slow down, and read the manual first. Knowing what the heck you are doing is only the first step. You really have to know *why* you are doing a thing. There’s no shortage of opportunity to move fast and break stuff, but with each instance there’s also an opportunity for learning and growth.


With the amount of chaos in the world, inability for many OPSEC teams to focus on actually securing all the things, and the continual drive to still give customers what they want, there’s also no shortage of opportunities to learn-on-the-fly, be creative, and solve problems. Even in production.