There has been a lot of chatter over the last few days about the most recent update to the iPhone’s iOS 6.1.
I have been saying for years that Patch Management is one of the most critical steps to protecting your infrastructure, both on the server side and on the client side. However, I have also stated that before implementing any patch, the IT department should test it to make sure that it does not do more harm than good. Of course, vendors do not release patches that they are not confident in, but they do not always test them in every scenario.
One of the common scenarios we see with the iPhone is a connection to an Exchange Server for its mail and such, whether that Exchange Server belongs to the organization or to a public cloud solution such as Office 365. While it works and is fully supported by Microsoft, it is not a scenario that Apple seems to test extensively. And so, with this most recent patch, there are issues (excessive logging causing enterprise-wide issues for all users).
It is the very reason that I have always advocated maintaining a lab environment that mirrors your production environment, and testing patches in that setting before approving them for your organization. However, with the iPhone being an unmanaged device, end users are prompted to apply their own patches without waiting for approval from the IT department.
And so this past weekend, following this patch release, mail server administrators around the world were scrambling to find a solution to the problem. Unfortunately, for many the immediate solution was to block iPhones from syncing to the mail servers until Apple releases a new patch. I expect this will not make a lot of people happy, but in this case iPhones really are bringing down entire mail server farms.
With Windows Intune and System Center 2012 Configuration Manager there should be a solution to this, although I have not had the opportunity to test it yet. The latest version of Intune (commonly known as Wave D) allows the management of iPhone and Android devices, and just may allow the IT department to regain control of patch management, preventing such issues going forward.
My friend and fellow Microsoft MVP from Israel. He is a Microsoft Infrastructure Practice Manager at Ankor Computing Infrastructures, a leading Integration company in Israel. Although his award category is the same as mine (Windows Expert-IT Pro) he is an expert in several technologies, including Exchange Server. In 2011 he wrote an excellent paper on P2V Migration for Microsoft Exchange Servers that I published on this blog. He has written a very interesting white paper about this recent issue, including solutions and workarounds. You can download his paper by clicking here.