Hello All,
I have an issue I'd love to get some guidance on if anybody has any ideas.
We are managing iPhones / iPads for my customer with Microsoft Intune. The phones are corporate provided and in supervised mode. We are blocking users from entering AppleIDs during enrolment and blocking their ability to modify account details on the devices by MDM policy. We are also removing the AppStore icon from the device home screens by policy
We are deploying a bunch of applications to the users' devices by deploying them to the devices which all works OK. The problem is that once deployed to the devices the apps do not get updates. I have compared the versions of the apps to the current versions on the app store via a browser and they are lagging behind.
Here's what we have tried so far. The phones are forced to talk over an always-on VPN, through the corporate web proxies to get to the Internet. We got iOS updates working eventually by googling what the relevant Apple iOS update URLs are and unblocking them on the proxies. However, App updates still aren't working. The app-update URLs we unblocked are:
- albert.apple.com
- ax.itunes.apple.com
- deimos3.apple.com
- gs.apple.com
- itunes.apple.com
- mesu.apple.com
- ocsp.apple.com
- phobos.apple.com
- evintl-ocsp.verisign.com
- evsecure-ocsp.verisign.com
The app updates still weren't coming through. So, I read somewhere that maybe hiding the AppStore icon was the issue, presumably because the AppStore is required for app distribution. So, I disabled the MDM policy to hide the app store icon (in Hybrid Intune this is Configurations -> MyiOSPolicies -> Application Store -> App Store = Allowed). However this did not un-hide the app store as I expected it would, so I can't test whether this works.
Any ideas? Is this likely to be URL block related, AppStore icon related or something else e.g. do we need push notification ports opened up or something? Does the always-on VPN interfere with app updates?