This article is going to describe how to “Block” OS upgrades on Samsung devices using Workspace One UEM wherever your device are Android Enterprise or Device Admin.
In order to do so, we will need to Blacklist the application process which are responsible to process the Device Firmware upgrade.
1.) Building an App Groups containing the blacklist of these applications.
SDM & Sync Service
This list will vary depending on the device model as well as the carrier type device. For example ATT has specific software to Upgrade their Samsung devices.
If you have carrier specific Samsung device I recommend to use one of the free tool as per below to identify the Bundle ID of the App so you can block it.
2.) Deploying the Application Controle Profile to your devices.
You can then assign the profile and verify on your device that you cannot access to the firmware update section.
While this method of blocking Apps in order to stop the Firmware update to function is working just fine, I recommend to use API driven functionality as it is lot more standard, consistent and secure. For this as part of the OEM config methodology (See here to understand more about OEM Config) Samsung has developed KNOX Service Plugin which is an App plugin where we will configure an App Config in order to apply certain policies to your devices. PS: This is only available on Android Enterprise use case.
Follow below steps in order to access the option to Block Firmware upgrade using OEM Config (KSP Knox Service Plugin) for Samsung devices: