The Android Software Update Policy enables organizations to centrally manage how system and app updates are delivered and installed on managed Android devices enrolled via Android Enterprise. This policy is essential for maintaining device security, compliance, and minimizing user disruption by controlling when and how updates occur.
What Does the Policy Do?
The ANDROID_SOFTWARE_UPDATE_POLICY allows IT administrators to:
Control the timing and method of Android OS and app updates.
Prevent updates during critical business periods.
Ensure devices remain secure and compliant with organizational requirements.
Key Configuration Options
The policy includes several configurable fields:
1. App Auto Update Policy
Controls how Google Play apps are updated on managed devices:
NEVER → Automatic app updates are completely disabled; apps must be updated manually.
WIFI_ONLY → Apps are automatically updated only when the device is connected to Wi-Fi.
ALWAYS → Apps are automatically updated on any available network, including mobile data.
CHOICE_TO_THE_USER → The user decides whether and how apps are automatically updated through Google Play.
To verify, open the Google Play Store, tap your profile icon → Settings → Network preferences → Auto-update apps.
2. System Update
Manages how and when Android OS updates are applied. Key sub-fields:
Type: Determines the update mode:
AUTOMATIC → Updates are downloaded and installed automatically as soon as they’re available.
POSTPONE → Updates are delayed until the device administrator allows installation.
WINDOWED → Updates are permitted only during a specific daily maintenance window (see startMinutes and endMinutes).
For this policy field, due to Android MDM restrictions, device configuration details are not directly accessible. However, when the AUTOMATIC option was applied, the device immediately initiated the system update as soon as an update became available.
Start Minutes / End Minutes: Define the daily maintenance window (in minutes from midnight) when updates can be installed (e.g., 120 = 2:00 AM).
Freeze Periods: Specify blackout date ranges (e.g., holidays, quarter-end) when updates are completely blocked. We recommend leaving at least 60 days between two freeze periods. The following rules apply:
Each freeze period must be 90 days or shorter.
No two freeze periods can have the same start and end dates.
Freeze periods must not overlap.
Freeze periods must be separated by at least 60 days.
Example:
Start Minutes: 120 and End Minutes: 360 allow updates only between 2:00 AM and 6:00 AM.
Freeze Periods: Block updates during specified dates to avoid business disruption.
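The freeze-period rules and the maintenance window described above can be checked before a policy is pushed to devices. The following Python code is an added example, not part of the product or its documentation. It assumes freeze periods are entered as (month, day) pairs that recur every year, counts separation as the free days between one period's end and the next period's start, and uses hypothetical function names.

```python
from datetime import date

MAX_FREEZE_DAYS = 90   # page: each freeze period must be 90 days or shorter
MIN_GAP_DAYS = 60      # page: freeze periods must be at least 60 days apart
YEAR = 365             # assumption: periods recur yearly; non-leap reference year

def day_of_year(month_day):
    """(month, day) -> 1..365 in a non-leap reference year."""
    return date(2023, *month_day).timetuple().tm_yday

def window_label(start_minutes, end_minutes):
    """Render a WINDOWED maintenance window (minutes from midnight) as HH:MM-HH:MM."""
    for value in (start_minutes, end_minutes):
        if not 0 <= value < 24 * 60:
            raise ValueError(f"{value} is not a minute of the day (0..1439)")
    return "{:02d}:{:02d}-{:02d}:{:02d}".format(
        *divmod(start_minutes, 60), *divmod(end_minutes, 60))

def check_freeze_periods(periods):
    """periods: list of ((month, day), (month, day)), both ends inclusive.
    Returns a list of rule violations; an empty list means the set is valid."""
    errors, spans = [], []
    for start, end in periods:
        first = day_of_year(start)
        length = (day_of_year(end) - first) % YEAR + 1  # handles Dec -> Jan wrap
        if length > MAX_FREEZE_DAYS:
            errors.append(f"{start}-{end}: {length} days, limit is {MAX_FREEZE_DAYS}")
        spans.append((first, length, start, end))
    spans.sort()
    for i, (first, length, start, end) in enumerate(spans if len(spans) > 1 else []):
        nxt = spans[(i + 1) % len(spans)]       # last period wraps to the first
        distance = (nxt[0] - first) % YEAR      # days from this start to next start
        if distance == 0 and nxt[1] == length:
            errors.append(f"{start}-{end}: identical to another freeze period")
        elif distance < length:
            errors.append(f"{start}-{end} overlaps {nxt[2]}-{nxt[3]}")
        elif distance - length < MIN_GAP_DAYS:
            errors.append(f"{start}-{end} to {nxt[2]}-{nxt[3]}: only "
                          f"{distance - length} free days, need {MIN_GAP_DAYS}")
    return list(dict.fromkeys(errors))          # drop repeated messages, keep order

# Constructed sample: year-end holidays plus a mid-year inventory freeze.
SAMPLE = [((11, 20), (1, 5)), ((6, 15), (6, 30))]

if __name__ == "__main__":
    print(window_label(120, 360), check_freeze_periods(SAMPLE) or "freeze periods OK")
```

A freeze period that ends 26 days before the next one starts passes the 90-day and overlap checks but still fails the separation rule, and this is easiest to miss across the December to January boundary.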
Why Use This Policy?
Centralized Control: Ensure all managed devices are updated according to your organization’s schedule.
Business Continuity: Avoid unexpected reboots or disruptions during critical periods.
Security & Compliance: Timely patching of vulnerabilities while accommodating business needs.
Granular Management: Fine-tune update behavior for both apps and the OS.
How to Configure
Define Business Requirements: Identify critical periods and preferred update windows.
Create Policy: Set up the policy at Device Management > Policies > Create New Policy > New Policy from Scratch, then find Android Software Update Policy.
Set Freeze Periods: Add blackout dates to prevent updates during sensitive times.
Choose App Auto Update Policy: Select the app update mode that fits your environment.
Test the Policy: Apply to a test device or group before broad deployment.