With Intune’s strength with managing a variety of device OEMs there are always questions about managing OS updates for specific device OEMs. Organizations who manage large Android device fleets across multiple locations require control of OS updates, particularly with frontline worker devices where any downtime could lead to a loss of productivity and even business. This month’s post I focus on managing Android OS updates (and downgrades) for Honeywell devices enrolled with Intune.
- Honeywell device
- Microsoft Endpoint Manager – Intune
- Azure Active Directory
- FTP/HTTP file access point
Let’s get started!
Before we walk-though the steps of upgrading/downgrading OS builds on a device, let’s take a look at the full process end-to-end:
- Honeywell publishes their OS builds in the form of .zip files via their download site: https://hsmftp.honeywell.com/ if you don’t have an account, you’ll need to create one. Once signed in, you’ll see a folder structure where you can select the device type and download the necessary OS update file. For example, if your Honeywell device runs Android 7, depending on the device model, there may be newer Android OS versions to update to. In my case I have a Honeywell CT40 running Android 7 and Android 9 and 10 are upgrade options. Once the OS update file is downloaded, we’ll need to copy that to a server accessible either by HTTP or FTP. In my environment I utilize an FTP server that requires sign-in. More on this later.
- Next, we’ll need to create a new device configuration profile in Microsoft Endpoint Manager specifically for OEMConfig. Once it’s created, we’ll add the path the FTP server in the profile
- We’ll then assign the OEMConfig profile to an Azure AD group containing the Honeywell enrolled devices.
- On next sync, the device will download the OS update file and launch it automatically for either an upgrade or downgrade.
OTA updates with OEMConfig
Below are my example OEMConfig settings utilized to push out the OS update. I have a few other device specific settings configured as I was testing a few things, however those are optional. What’s important are the following:
OS Update Package URL: ftp://USERNAME:PASSWORD@IP-ADDRESS:PORT/OS.zip so in my case: ftp://cbernier:email@example.com:21/HON660-Q-90.00.06-(0164).zip (I removed my password and changed the IP address)
Allow System Firmware Downgrades: Yes, No, Not Configured, in my case, I selected “Yes”
OEMConfig OS update
Once the OEMConfig file is assigned to an Azure AD group where the enrolled device resides, it will contact the FT server and download the file as shown in the image below.
Update upgrades and downgrades run automatically after a successful copy of the .zip file containing the update is completed. However, there is one item to note for this process, with OS downgrades, MDM enrollment is not retained as Honeywell automatically performs an enterprise reset of the device to downgrade the OS. When upgrading, MDM enrollment persists so no issues there.
Below are a few images stepping through the OS upgrade process (downgrade works similarly):
The image below displays the .zip OS file currently being downloaded and automatically places it in the “honeywell -> persist” folder on the internal storage. Note, these files are over 1 GB in size for the full OS update, however Honeywell does offer incremental update files which are much smaller.
Once the OS update download is competed the device will kick off the upgrade or downgrade process.
The device will then reboot to apply the update.
After the device reboots, the update finishes the installation.
That’s it! Fairly simple process if you ask me and works really well. To recap, we downloaded an OS update files from Honeywell, copied to an FTP server, configured OEMConfig to have a Honeywell CT40 download the OS update file to the device. Once download completes, the Honeywell device kicked off the update automatically and installed successfully.
One thought on “Managing Honeywell OS updates with OEMConfig and Microsoft Endpoint Manager”
Be carefull with “Allow System Firmware Downgrades”. In some versions (HON660-Q-90.00.03-(0090) or HON660-Q-90.00.06-(0164)) there was/is an bug, where a upgrade was treated as a downgrade (with enterprise reset).