Google System updates on devices enrolled using Android Enterprise

Google System update overview

Google System updates bring new and useful features that make your Android devices more secure and reliable. They include updates to the Android operating system provided by Google, Google Play Store, and Google Play services. Google System updates are available for all Google-certified Android devices.

In many cases enterprises need to ensure that system updates are being applied in a timely manner. This article will cover the tools available for managing system updates on devices using Android Enterprise.

See what's new in Google System updates.

Managing system updates using system update policies

IT admins can use their Enterprise Mobility Management (EMM) provider to apply system update policies which change the behavior of Google System updates. System update policies can be useful for organizations that have dedicated devices which are always active and where there is no end user to accept update prompts (e.g. digital signage).

Applying these policies may cause devices to reboot automatically without prompting the user. See the ‘Managing system updates using compliance policies’ section for alternative ways to manage system updates.

Summary of system update policies

Policy: Description

AUTOMATIC: This policy will automatically install updates as soon as they are available and will trigger a reboot if required.

WINDOWED: This policy will install system updates during a daily maintenance window. This is a single period repeated daily (e.g. 1 PM–4 PM). If a reboot is required it will be triggered automatically. If 30 days pass without a successful install, then this policy is treated like AUTOMATIC. Installations may be unsuccessful for reasons including no connectivity, insufficient disk space, or low battery.

POSTPONED: This policy postpones the installation of system updates for 30 days. Once the timer expires, updates are handled as if no policy was in place. If another update is released during the 30-day postponement timer, the timer resets for another 30 days. Note: security updates (e.g. monthly security patches) will not be affected by this policy.

IT admins can also specify freeze periods. A freeze period is a range of dates, repeating annually, during which system updates should not be installed. During a freeze period updates are prevented from being installed, and a user will not be able to manually perform an update. A freeze period can be configured to last up to 90 days. There must be at least 60 days separating adjacent freeze periods. When the device is outside of any freeze periods you set, the normal policy behavior (none, automatic, windowed or postponed) applies.
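
The freeze-period limits described above (at most 90 days per period, at least 60 days between adjacent periods, repeating annually) can be checked before a policy is pushed to devices. The following Python validator is an added example, not Google's or any EMM provider's code; the function names, the (month, day) input format and the non-leap 365-day reference year are assumptions.

```python
from datetime import date

REF_YEAR = 2023        # assumption: non-leap reference year, so Feb 29 is not modelled
YEAR_DAYS = 365
MAX_FREEZE_DAYS = 90   # from the page: a freeze period can last up to 90 days
MIN_GAP_DAYS = 60      # from the page: at least 60 days between adjacent periods


def day_index(month, day):
    """0-based day of the reference year for a (month, day) pair."""
    return date(REF_YEAR, month, day).timetuple().tm_yday - 1


def validate_freeze_periods(periods):
    """periods: list of ((start_month, start_day), (end_month, end_day)),
    inclusive and repeating annually; a period may wrap past 31 December.
    Returns a list of violations; an empty list means the set is valid."""
    problems, spans, owner, overlap = [], [], {}, False
    for idx, (start, end) in enumerate(periods):
        s, e = day_index(*start), day_index(*end)
        length = (e - s) % YEAR_DAYS + 1
        if length > MAX_FREEZE_DAYS:
            problems.append(f"period {idx}: {length} days exceeds {MAX_FREEZE_DAYS}")
        for offset in range(length):          # mark each frozen day to detect overlaps
            d = (s + offset) % YEAR_DAYS
            if owner.setdefault(d, idx) != idx:
                problems.append(f"period {idx} overlaps period {owner[d]}")
                overlap = True
                break
        spans.append((s, e, idx))
    if overlap:                               # gaps are undefined while periods overlap
        return problems
    spans.sort()
    for i, (s, e, idx) in enumerate(spans):   # circular: last period is adjacent to first
        next_start, _, next_idx = spans[(i + 1) % len(spans)]
        gap = (next_start - e - 1) % YEAR_DAYS
        if gap < MIN_GAP_DAYS:
            problems.append(f"gap of {gap} days after period {idx} (before period "
                            f"{next_idx}) is under {MIN_GAP_DAYS}")
    return problems


if __name__ == "__main__":
    # Constructed sample: a year-end freeze plus a March freeze too close to it.
    sample = [((12, 15), (1, 10)), ((3, 1), (3, 31))]
    for line in validate_freeze_periods(sample) or ["valid"]:
        print(line)
```

The year-wrap case matters in practice: a holiday freeze that runs from December into January is adjacent to whatever freeze comes first in the new year, so the 60-day separation has to be measured across the year boundary as well.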

Google Play System updates (Mainline)

Google Play System updates (also called Mainline updates) are automatically downloaded but require a device reboot to be installed. These updates will not trigger an automatic reboot and instead they are installed on the next user, admin, or policy initiated reboot. Reboots triggered by system update policy will install the associated Google/OEM system update and any previously downloaded Google Play System updates.

Google Play System updates can also be manually installed by navigating to Settings > About > Android Version > Google Play system update.

Managing system updates using compliance policies

IT admins can use an Enterprise Mobility Management (EMM) provider to apply compliance policies that ensure devices stay current with Google System updates.

Compliance engines can make use of many signals that are present on the device such as OS version, security patch details, application versions and even connected SSID to ensure devices remain compliant. If a device becomes non-compliant, the compliance engine can trigger an action such as un-enrolling the device, or removing access to corporate resources.

Compliance engines can be configured to monitor time since the last update was applied to a device. A compliance policy can then be configured to apply an action if a desired time period between updates has been exceeded. Compliance policies can also be configured to warn users, and encourage them to act, before a policy is enforced. We recommend using compliance policies to ensure devices remain up to date for most knowledge worker use cases.

Check your EMM provider documentation to learn more about configuring compliance policies to enforce system updates.
