We are facing issues in VPP Client Configuration API ( POST: https://vpp.itunes.apple.com/mdm/VPPClientConfigSrv ).
For some VPP token, the "clientContext" key in the response says "token being used in v2" instead of giving a proper clientContext. These VPP tokens aren't actually added in any other MDM than ours. But it gives this as response. Also, we didn't use the new API for setting VPP Client Configuration too. We are seeing this issue for some VPP tokens in random. We would like to understand this behaviour in VPP tokens.
Selecting any option will automatically load the page
Post
Replies
Boosts
Views
Activity
On a supervised device running iOS 18 without any AirDrop restrictions applied, when a profile with allowListedAppBundleIDs restriction key is installed, the AirDrop sound plays. But still the accept prompt does not appear, making it impossible to accept files.
The prompt works as expected on iOS 18 devices to which the allowListedAppBundleIDs restriction is not installed.
This issue occurs only on supervised iOS 18 devices to which the allowListedAppBundleIDs restriction is being applied.
Device must be in iOS 18 version > Install the (allowListedAppBundleIDs restriction) profile with the device > Try to AirDrop files to the managed device.
The expected result is that the accept prompt must pop up but it does not appear.
This issue is occurring irrespective of any Whitelisted bundle ID being added to the allowListedAppBundleIDs restriction profile.
Have attached a few Whitelisted bundle ID here com.talentlms.talentlms.ios.beta, com.maxaccel.safetrack, com.manageengine.mdm.iosagent, com.apple.weather, com.apple.mobilenotes, gov.dot.phmsa.erg2, com.apple.calculator, com.manageengine.mdm.iosagent, com.apple.webapp, com.apple.CoreCDPUI.localSecretPrompt etc.
Have raised a Feedback request (FB15709399) with sysdiagnose logs and a short video on the issue.
Topic:
Business & Education
SubTopic:
Device Management
Tags:
Enterprise
Device Management
Managed Settings
We have observed that Apple TV doesn't send Ethernet MAC information in DeviceInformation response. (Apple TV is connected to the Ethernet.)
We've confirmed that the following pre requisites are fulfilled on our side.
The queries in Network information queries are available if the MDM host has a Network Information access right. Reference doc - https://developer.apple.com/business/documentation/MDM-Protocol-Reference.pdf
✓ We have set the maximum access right available (8191).
EthernetMACs - The key to get the Ethernet MAC addresses. This value requires the Network Information access right, and is available in iOS 4 and later, and tvOS 6 and later. Reference doc - https://developer.apple.com/documentation/devicemanagement/deviceinformationcommand/command/queries.
✓ The TV OS version of the device we are referring here is 14+.
✓ The query dictionary contains the EthernetMACs key.
Is this supported for Apple TV devices as mentioned in the documentation?
Please find the attached sample requests and responses.
?xml version="1.0" encoding="UTF-8"?
!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"
plist version="1.0"
dict
keyCommandUUID/key
stringDeviceInformation/string
keyCommand/key
dict
keyRequestType/key
stringDeviceInformation/string
keyQueries/key
array
stringDeviceName/string
stringOSVersion/string
stringBuildVersion/string
stringModelName/string
stringModel/string
stringProductName/string
stringSerialNumber/string
stringDeviceCapacity/string
stringAvailableDeviceCapacity/string
stringBatteryLevel/string
stringCellularTechnology/string
stringIMEI/string
stringMEID/string
stringModemFirmwareVersion/string
stringICCID/string
stringBluetoothMAC/string
stringWiFiMAC/string
stringCurrentCarrierNetwork/string
stringSIMCarrierNetwork/string
stringSubscriberCarrier-Network/string
stringCarrierSettingsVersion/string
stringPhoneNumber/string
stringVoiceRoamingEnabled/string
stringDataRoamingEnabled/string
stringIsRoaming/string
stringSubscriberMCC/string
stringSubscriberMNC/string
stringCurrentMCC/string
stringCurrentMNC/string
stringUDID/string
stringIsSupervised/string
stringIsDeviceLocatorServiceEnabled/string
stringIsActivationLockEnabled/string
stringIsDoNotDisturbInEffect/string
stringiTunesStoreAccountIsActive/string
stringEASDeviceIdentifier/string
stringEthernetMACs/string
stringPersonalHotspotEnabled/string
stringLastCloudBackupDate/string
stringIsCloudBackupEnabled/string
stringIsMDMLostModeEnabled/string
stringServiceSubscriptions/string
stringLanguages/string
stringLocales/string
stringDeviceID/string
stringOrganizationInfo/string
stringAwaitingConfiguration/string
stringMDMOptions/string
stringiTunesStoreAccountHash/string
stringSIMMCC/string
stringSIMMNC/string
stringOSUpdateSettings/string
stringLocalHostName/string
stringHostName/string
stringCatalogURL/string
stringIsDefaultCatalog/string
stringPreviousScanDate/string
stringPreviousScanResult/string
stringPerformPeriodicCheck/string
stringAutomaticCheckEnabled/string
stringBackgroundDownloadEnabled/string
stringAutomaticAppInstallationEnabled/string
stringAutomaticOSInstallationEnabled/string
stringAutomaticSecurityUpdatesEnabled/string
stringIsMultiUser/string
stringMaximumResidentUsers/string
stringPushToken/string
stringDiagnosticSubmissionEnabled/string
stringAppAnalyticsEnabled/string
stringIsNetworkTethered/string
/array
/dict
/dict
/plist
Response to this request
?xml version="1.0" encoding="UTF-8"?
!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"
plist version="1.0"
dict
keyCommandUUID/key
stringDeviceInformation/string
keyQueryResponses/key
dict
keyAwaitingConfiguration/key
false/
keyBluetoothMAC/key
stringxx:xx:xx:xx:xx:xx/string
keyBuildVersion/key
stringxxxxxxx/string
keyDeviceID/key
stringxx:xx:xx:xx:xx:xx/string
keyDeviceName/key
stringxxx/string
keyIsSupervised/key
true/
keyMDMOptions/key
dict/
keyModel/key
stringMR912LL/string
keyModelName/key
stringAppleTV/string
keyOSVersion/key
string14.0.2/string
keyProductName/key
stringAppleTV5,3/string
keySerialNumber/key
stringxxxxxxxxxx/string
keyUDID/key
stringxxxx/string
keyWiFiMAC/key
stringxx:xx:xx:xx:xx:xx/string
keyiTunesStoreAccountIsActive/key
false/
/dict
keyStatus/key
stringAcknowledged/string
keyUDID/key
stringxxx/string
/dict
/plist
Thank you.
Topic:
Developer Tools & Services
SubTopic:
General
Tags:
Enterprise
Business and Enterprise
Device Management
FB9895426 (Apple Device MDM enrolment fails if client certificate is requested during SSL Handshake)
Device enrolment fails in an MDM Server configured with client certificate authentication.
Upon investigating the issue, we noticed that the device drops the SSL handshake if a client certificate is requested during the handshake.
Wireshark Screenshot:
From the console logs, we noticed the below error:
<MCHTTPRequestor: 0x283b560a0> cannot accept the authentication method NSURLAuthenticationMethodClientCertificate
The TLS protocol states that "If no suitable certificate is available, the client SHOULD send a certificate message containing no certificates.".
Thus, we expect the MDM client to respond with a "no certificate" response during the SSL handshake.
Someone has already raised the same question but there's no reply yet:
https://developer.apple.com/forums/thread/680328
https://developer.apple.com/forums/thread/676579
Any help would be appreciated. Thanks in advance.
We are trying to connect macOS devices to Wi-Fi using Wi-Fi configuration profile in MDM. EAP type is PEAP - MSCHAPv2 with both System and LoginWindow setup modes enabled, but unfortunately devices are getting stuck in connecting phase of the Wi-Fi without actually getting connected. We have also send the Sysdiagnose logs to Apple feedback assistance(Ref ID:FB9965644)
Please find the configuration we have used below
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>5f9c93d0-f2b4-45b2-9367-e65a52d1f1a9</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>MDM</string>
<key>PayloadIdentifier</key>
<string>com.mdm.0583c3c2-4fe2-414a-9bc6-87467f0fef02.MacOSWifi</string>
<key>PayloadDisplayName</key>
<string>Wifi_Corp</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>f962f11d-6524-4061-b93b-82975dd7512b</string>
<key>PayloadType</key>
<string>com.apple.wifi.managed</string>
<key>PayloadOrganization</key>
<string>MDM</string>
<key>PayloadIdentifier</key>
<string>f962f11d-6524-4061-b93b-82975dd7512b</string>
<key>PayloadDisplayName</key>
<string>Wifi Profile Configuration</string>
<key>SSID_STR</key>
<string>--SSID Over Here--</string>
<key>AutoJoin</key>
<true/>
<key>SetupModes</key>
<array>
<string>System</string>
<string>Loginwindow</string>
</array>
<key>HIDDEN_NETWORK</key>
<false/>
<key>EAPClientConfiguration</key>
<dict>
<key>AcceptEAPTypes</key>
<array>
<integer>21</integer>
<integer>25</integer>
</array>
<key>EAPFASTUsePAC</key>
<false/>
<key>EAPFASTProvisionPAC</key>
<false/>
<key>EAPFASTProvisionPACAnonymously</key>
<false/>
<key>UserName</key>
<string>---UserName Over here---</string>
<key>UserPassword</key>
<string>--Password Over here--</string>
<key>TTLSInnerAuthentication</key>
<string>MSCHAPv2</string>
<key>PayloadCertificateAnchorUUID</key>
<array>
<string>b68ceae9-5752-44a3-887c-4dd422428f3d</string>
</array>
</dict>
<key>EncryptionType</key>
<string>Any</string>
<key>ProxyType</key>
<string>None</string>
</dict>
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>b68ceae9-5752-44a3-887c-4dd422428f3d</string>
<key>PayloadType</key>
<string>com.apple.security.root</string>
<key>PayloadOrganization</key>
<string>MDM</string>
<key>PayloadIdentifier</key>
<string>b68ceae9-5752-44a3-887c-4dd422428f3d</string>
<key>PayloadDisplayName</key>
<string>iOS Certificate Policy</string>
<key>PayloadContent</key>
<data>
-----Trust Certificate Data Here---
</data>
<key>PayloadCertificateFileName</key>
<string>----Certificate file name.cer----</string>
</dict>
</array>
</dict>
</plist>
Description:
From MDM, the InstalledApplicationList command is sent to device for querying the list of Installed Apps. Some apps doesn't have version(both Version & ShortVersion) in the response. But the "Installing" key is false for them which should mean that the app is already Installed. But the app version is not available in the response. Also, for these apps without app version, the "IsValidated" key gives "false" value. But these apps are installed on the device. Kindly help us understand about this case.
Sample Response of InstalledApplicationList:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>InstalledApplicationList</string>
<key>InstalledApplicationList</key>
<array>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>135618560</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>850215498</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>net.whatsapp.WhatsApp</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<false/>
<key>Name</key>
<string>WhatsApp</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>185229312</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>849733664</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>com.microsoft.azureauthenticator</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<true/>
<key>Name</key>
<string>Authenticator</string>
<key>ShortVersion</key>
<string>6.5.98</string>
<key>Version</key>
<string>20</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>287129600</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>849978495</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>com.microsoft.skype.teams</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<false/>
<key>Name</key>
<string>Teams</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>213839872</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>850097782</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>com.google.Maps</string>
<key>Installing</key>
<true/>
<key>IsValidated</key>
<false/>
<key>Name</key>
<string>Google Maps</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>43339776</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>848157118</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>com.manageengine.mdm.iosagent</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<true/>
<key>Name</key>
<string>ME MDM</string>
<key>ShortVersion</key>
<string>22.04.01</string>
<key>Version</key>
<string>1558</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>209174528</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>848848517</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>us.zoom.videomeetings</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<false/>
<key>Name</key>
<string>Zoom</string>
</dict>
</array>
<key>Status</key>
<string>Acknowledged</string>
<key>UDID</key>
<string>00000-000000-000000</string>
</dict>
</plist>
Some apps with the issue in the given response:- net.whatsapp.WhatsApp, com.microsoft.skype.teams, us.zoom.videomeetings, etc.
Topic:
Business & Education
SubTopic:
General
Tags:
Apple Business Manager
Business and Enterprise
Device Management
Issue Description:
Licenses Expiring - The licenses for [app_name] and 'x' other applications will expire in 'n' days.
The given App Store Notification is displayed in many iPad devices. All the apps for which the notification is shown are purchased from ABM (VPP apps). The licenses are still assigned to devices and are not revoked which is made sure from VPP API. The VPP token is also not nearing expiration and it has more than 6 months time for expiry.
Screenshot of the notification is attached below
Kindly help us with the reason for this behavior
Topic:
App Store Distribution & Marketing
SubTopic:
General
Tags:
App Store
Apple Business Manager
Business and Enterprise
Device Management
Hello All,
We are looking to implement the ACME protocol for our organization PKI and as of now, we are trying out the demo ACME server hosted here. So far, we had a minor piece of luck in getting it to work properly twice, but after that, it errors out every time. This is the payload we are using:
&amp;lt;?xml version="1.0" encoding="UTF-8"?&amp;gt;
&amp;lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&amp;gt;
&amp;lt;plist version="1.0"&amp;gt;
&amp;lt;dict&amp;gt;
&amp;lt;key&amp;gt;PayloadContent&amp;lt;/key&amp;gt;
&amp;lt;array&amp;gt;
&amp;lt;dict&amp;gt;
&amp;lt;key&amp;gt;ClientIdentifier&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;123123123123123123123&amp;lt;/string&amp;gt;
&amp;lt;key&amp;gt;ExtendedKeyUsage&amp;lt;/key&amp;gt;
&amp;lt;array&amp;gt;
&amp;lt;string&amp;gt;1.3.6.1.5.5.7.3.2&amp;lt;/string&amp;gt;
&amp;lt;/array&amp;gt;
&amp;lt;key&amp;gt;HardwareBound&amp;lt;/key&amp;gt;
&amp;lt;true/&amp;gt;
&amp;lt;key&amp;gt;KeySize&amp;lt;/key&amp;gt;
&amp;lt;integer&amp;gt;384&amp;lt;/integer&amp;gt;
&amp;lt;key&amp;gt;KeyType&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;ECSECPrimeRandom&amp;lt;/string&amp;gt;
&amp;lt;key&amp;gt;KeyUsage&amp;lt;/key&amp;gt;
&amp;lt;integer&amp;gt;5&amp;lt;/integer&amp;gt;
&amp;lt;key&amp;gt;PayloadIdentifier&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;com.example.test&amp;lt;/string&amp;gt;
&amp;lt;key&amp;gt;PayloadType&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;com.apple.security.acme&amp;lt;/string&amp;gt;
&amp;lt;key&amp;gt;PayloadUUID&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;sdf-feec-4171-878d-34e576bbb813&amp;lt;/string&amp;gt;
&amp;lt;key&amp;gt;PayloadVersion&amp;lt;/key&amp;gt;
&amp;lt;integer&amp;gt;1&amp;lt;/integer&amp;gt;
&amp;lt;key&amp;gt;Subject&amp;lt;/key&amp;gt;
&amp;lt;array&amp;gt;
&amp;lt;array&amp;gt;
&amp;lt;array&amp;gt;
&amp;lt;string&amp;gt;C&amp;lt;/string&amp;gt;
&amp;lt;string&amp;gt;US&amp;lt;/string&amp;gt;
&amp;lt;/array&amp;gt;
&amp;lt;/array&amp;gt;
&amp;lt;array&amp;gt;
&amp;lt;array&amp;gt;
&amp;lt;string&amp;gt;O&amp;lt;/string&amp;gt;
&amp;lt;string&amp;gt;Example Inc.&amp;lt;/string&amp;gt;
&amp;lt;/array&amp;gt;
&amp;lt;/array&amp;gt;
&amp;lt;array&amp;gt;
&amp;lt;array&amp;gt;
&amp;lt;string&amp;gt;CN&amp;lt;/string&amp;gt;
&amp;lt;string&amp;gt;test&amp;lt;/string&amp;gt;
&amp;lt;/array&amp;gt;
&amp;lt;/array&amp;gt;
&amp;lt;/array&amp;gt;
&amp;lt;key&amp;gt;SubjectAltName&amp;lt;/key&amp;gt;
&amp;lt;dict&amp;gt;
&amp;lt;key&amp;gt;dNSName&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;site.example.com&amp;lt;/string&amp;gt;
&amp;lt;/dict&amp;gt;
&amp;lt;key&amp;gt;DirectoryURL&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;https://ca.attestation.dev/acme/acme/directory&amp;lt;/string&amp;gt;
&amp;lt;/dict&amp;gt;
&amp;lt;/array&amp;gt;
&amp;lt;key&amp;gt;PayloadDisplayName&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;ACME&amp;lt;/string&amp;gt;
&amp;lt;key&amp;gt;PayloadIdentifier&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;com.example.test&amp;lt;/string&amp;gt;
&amp;lt;key&amp;gt;PayloadType&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;Configuration&amp;lt;/string&amp;gt;
&amp;lt;key&amp;gt;PayloadUUID&amp;lt;/key&amp;gt;
&amp;lt;string&amp;gt;ce876f81-abf0-46f9-9e68-9b3a7ede8097&amp;lt;/string&amp;gt;
&amp;lt;key&amp;gt;PayloadVersion&amp;lt;/key&amp;gt;
&amp;lt;integer&amp;gt;1&amp;lt;/integer&amp;gt;
&amp;lt;/dict&amp;gt;
&amp;lt;/plist&amp;gt;
We get the below errors from the ACME server:
order status is "pending", not yet "valid"
order status is "ready", not yet "valid"
Any insights on what we are doing wrong could be helpful. Thanks in advance.
Topic:
Business & Education
SubTopic:
Device Management
Tags:
wwdc2022-10143
Device Management
App Attest
Pre Note: This issue not reproducing so promisingly. We cant find its issue source. Its occurring randomly on devices
Step 1: After enrolling the device in MDM . try to send a clear passcode command to device .
Command :
There will be response from device with below format
Response:
On Checking the MDM Protocol Reference - Protocol Ref
I can only able to see “5013 Cannot clear passcode” with respect to this issue. Other than it nothing can be seen in any apple docs too.
We dont know why this issue occurs and it is resolved after any pending os update or ReEnrolling devices to MDM. Is there any suggestion regarding this and why this happens for random devices.
Problem Description:
We are associating 1000 devices to 25 apps using Associate Assets API - https://vpp.itunes.apple.com/mdm/v2/assets/associate
We find the association completion state by two ways.
Method 1:
Using Event Status API - https://vpp.itunes.apple.com/mdm/v2/status
We test the success state of event by continuously polling event status API - until it provides COMPLETE/FAILURE in eventStatus.
For the above association, the time taken for event Status to give COMPLETE/FAILURE status for the above API is 30 seconds.
Improvement Needed: A new type of notification type can be introduced so that on association event completion, the notification request could return the event status response to MDM server without the need to poll the Event Status API from MDM.
Method 2: By Subscribing ASSET_MANAGEMENT notification
On subscribing ASSET_MANAGEMENT notification in clientConfig API - https://vpp.itunes.apple.com/mdm/v2/client/config, the asset management notification request is enabled.
"notificationTypes": [
"ASSET_MANAGEMENT"
]
On performing the association, each notification request reaches the MDM server with response in batch of 100 devices per 1 app.
Hence, more than 250 notifications requests(including duplicate requests) reaches the MDM server. This takes around 5 mins to complete provide the association results
Improvement Needed: The 100 devices status per 1 app for one notification request could be increased to make lesser notification requests and hence improving the time to receive the association response.
Hence, currently the Method 1 - using Event Status API provides the association completion response sooner than the Method 2 (Notifications). So, providing a notification type to subscribe for event Status could reduce the long time to provide all association response in ASSET_MANAGEMENT notification and eliminate the need to poll event status from MDM. Kindly consider this request.
Topic:
Business & Education
SubTopic:
General
Tags:
Apple Business Manager
Business and Enterprise
Device Management
wwdc2022-10045
Description:
Apps over 200MB will not be automatically downloaded in iOS device when deployed from MDM if "Ask If Over 200MB" is set under General -> App Store -> Mobile Data -> App Downloads. Is there a setting available for MDM to force enable "Always Ask" under General -> App Store -> Mobile Data -> App Downloads in iOS devices ? Kindly help us on this use case.
Topic:
App Store Distribution & Marketing
SubTopic:
General
Tags:
App Store
Device Management
Managed Settings
In a iPad device with OS Version 15.1, when deploying a app store app through MDM, the InstallApplication command receives "License Not Found" error in response. The app is not purchased through VPP and the "PurchaseMethod" key is not set in InstallApplication request command.
I have attached a sample request and response of InstallApplication commands.
InstallApplication command:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>InstallApplication;Collection=xxxx</string>
<key>Command</key>
<dict>
<key>RequestType</key>
<string>InstallApplication</string>
<key>iTunesStoreID</key>
<integer>xxxx</integer>
<key>ManagementFlags</key>
<integer>5</integer>
<key>Configuration</key>
<dict>
<key>ServerName</key>
<string>xxxx</string>
<key>ServerPort</key>
<string>xxxx</string>
<key>UDID</key>
<string>xxxx</string>
<key>ErID</key>
<string>xxxx</string>
<key>IsLanguagePackEnabled</key>
<string>true</string>
<key>authtoken</key>
<string>********</string>
<key>SCOPE</key>
<string>MDMOnDemand/MDMCloudEnrollment</string>
<key>Services</key>
<dict>
<key>urls</key>
<dict>
<key>IOSNativeAppServlet</key>
<string>xxxx</string>
<key>DeviceRegistrationServlet</key>
<string>xxxx</string>
<key>IOSCheckInServlet</key>
<string>xxxx</string>
<key>AppCatalogServlet</key>
<string>xxxx</string>
<key>MDMLogUploaderServlet</key>
<string>xxxx</string>
<key>mdmDocsServlet</key>
<string>xxxx</string>
<key>DFSDownloadURL</key>
<string>xxxx</string>
</dict>
<key>token_name</key>
<string>********</string>
<key>token_value</key>
<string>********</string>
</dict>
<key>IsSyncServerEnabled</key>
<true/>
<key>IsAnnouncementEnabled</key>
<true/>
</dict>
<key>ChangeManagementState</key>
<string>Managed</string>
</dict>
</dict>
</plist>
InstallApplication Response:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>InstallApplication;Collection=xxxx</string>
<key>ErrorChain</key>
<array>
<dict>
<key>ErrorCode</key>
<integer>1005</integer>
<key>ErrorDomain</key>
<string>DeviceManagement.error</string>
<key>LocalizedDescription</key>
<string>Could not install app.</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>9610</integer>
<key>ErrorDomain</key>
<string>ASDServerErrorDomain</string>
<key>LocalizedDescription</key>
<string>License not found</string>
</dict>
</array>
<key>Status</key>
<string>Error</string>
<key>UDID</key>
<string>xxxx</string>
</dict>
</plist>
Issue Description:
The Get Assets VPP License Management API (both 1.0.0 & 2.0.0) should return the assets with the adamIds of Apps available in App Store. For some location tokens, from this API, we get adamIds that are not available in App Store. The contentMetaData API doesn't return any response for these adamIds and they are not B2B apps too. How can we identify if the adamIds are of the apps that are removed from App Store? Or are we missing anything here? Kindly help us with this case.
Get Assets URL: https://vpp.itunes.apple.com/mdm/v2/assets
Topic:
Business & Education
SubTopic:
General
Tags:
Apple Business Manager
Business and Enterprise
Device Management
https://developer.apple.com/documentation/managedappdistribution
https://developer.apple.com/documentation/appdistribution/fetching-and-displaying-managed-apps
We have tested the above apple documentation regarding Managed Application Distribution .
To Note : We are trying to provide a custom AppStore in our MDM App for Managed Apps.
We have done all the steps mentioned in the documentation
Got Entitlement and enabled for the app.
Used the Exact code in a new swift UI Project
Attaching Screenshots for the compile time error , i get
First Screenshot , shows an error when building the project with a physical device(iOS 17.4).
Seconds one , shows different error when building with a simulator.
I have checked all the apple documentations and wwdc videos for further clue on this. But no help !
It will be helpful, if anyone help me with exact working model for this framework.
Hi all ,
We are planning to manage about 1 Million+ Apple devices of inclusive of both iPhone and Mac devices under a AxM Account. However while adding VPP Licenses for an App i'm prompted with below error:
" You cannot order more than 100000 copies of same the free item per week"
While our goal is to manage 1 Million devices under same Location token , i have below questions in mind
1 . What is the upper limit of number of Licenses that can be added per app in a Location token?
Currently it says 1 Lakh Licenses per app per week . Wanted to know if there is any limit on this count as it shouldn't surprise us in upcoming weeks.
2 . How many Locations can be created in a AxM Account?
Currently we created about 15 location to see if there are any limit but so far couldn't find any limit on number of locations that can be created. This limit could help us plan our deployment in advance
3 . What is the total number of licenses a VPP Location token can hold ?
As we manage 1 Million Devices for 12 Apps , 1 Million x 12= 12 Million licenses would be transacted in this location token by our MDM Solution , is this okay or will there be any limitations in this count
Topic:
Developer Tools & Services
SubTopic:
General
Tags:
Enterprise
Apple Business Manager
Device Management