We are facing issues in VPP Client Configuration API ( POST: https://vpp.itunes.apple.com/mdm/VPPClientConfigSrv ). For some VPP token, the "clientContext" key in the response says "token being used in v2" instead of giving a proper clientContext. These VPP tokens aren't actually added in any other MDM than ours. But it gives this as response. Also, we didn't use the new API for setting VPP Client Configuration too. We are seeing this issue for some VPP tokens in random. We would like to understand this behaviour in VPP tokens.

After Energy Saver mobileconfig file with Display sleep time as 1 and System Sleep time as 2 successfully, and then when you change the settings in System Preference->Energy Saver manually. The time that was set manually takes effect instead of what MDM has set for MacBook Pro(Intel Chip tried in both Sierra as well as Monterey). Please find the mobileconfig that we tried below. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict>     <key>PayloadContent</key>     <array>         <dict>             <key>PayloadDisplayName</key>             <string>Energy Saver</string>             <key>PayloadIdentifier</key>             <string>com.286E9EC9-588D-4BDC-B90C-F4FBAC58A2F0.com.apple.MCX.24D336A4-FE03-493F-81B6-C4CEB640F58F</string>             <key>PayloadType</key>             <string>com.apple.MCX</string>             <key>PayloadUUID</key>             <string>24D336A4-FE03-493F-81B6-C4CEB640F58F</string>             <key>PayloadVersion</key>             <integer>1</integer>             <key>com.apple.EnergySaver.portable.ACPower</key>             <dict>                 <key>Disk Sleep Timer</key>                 <integer>5</integer>                 <key>Display Sleep Timer</key>                 <integer>1</integer>                 <key>System Sleep Timer</key>                 <integer>2</integer>             </dict>             <key>com.apple.EnergySaver.portable.BatteryPower</key>             <dict>                 <key>Disk Sleep Timer</key>                 <integer>5</integer>                 <key>Display Sleep Timer</key>                 <integer>1</integer>                 <key>System Sleep Timer</key>                 <integer>2</integer>             </dict>         </dict>     </array>     <key>PayloadDisplayName</key>     <string>Energy Saver</string>     <key>PayloadIdentifier</key>     <string>A5406D19-83C6-45B2-B6D2-EF9AF9D59EA8</string>     <key>PayloadRemovalDisallowed</key>     <false/>     <key>PayloadType</key>     <string>Configuration</string>     <key>PayloadUUID</key>     <string>803ABA57-F75B-42EB-9849-15D7EAE7B7FA</string>     <key>PayloadVersion</key>     <integer>1</integer> </dict> </plist>

We tried this Global Preference configuration profile payload to enable fast switching in the device, but unfortunately, after successfully applying the payload, fast user switching still remains disabled in the device with the user restricted to modify the setting. PFA the screenshot of the settings applied in the Profile as well as a screenshot of Login Window settings. OS version: macOS 12.1 <dict> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>7b3041b6-d1fb-43d8-af8c-1028cde8b534</string> <key>PayloadType</key> <string>.GlobalPreferences</string> <key>PayloadOrganization</key> <string>MDM</string> <key>PayloadIdentifier</key> <string>7b3041b6-d1fb-43d8-af8c-1028cde8b534</string> <key>PayloadDisplayName</key> <string>Mac Global Preference payload</string> <key>MultipleSessionEnabled</key> <true/> <key>LULookupDisabled</key> <false/> <key>com.apple.autologout.AutoLogOutDelay</key> <integer>0</integer> </dict>

For creating APNS certificate, we use a signed CSR from our MDM vendor which is a .plist file. We were using this for quite some years now. But currently APNS portal throws error saying invalid file type (as attached below) Is the Portal updated to support only .csr / .txt / .rtf? Can anyone help to use the correct file format. (P.S: Works if we edit the extension & upload it)

Some customers wants to add a remote file address in the Files App -> Connect to Server option. For now , We cant find any api's to add this to the device via any Commands /Profiles . Is it not at all possible to add this to Files app or am i missing something? If it is not yet supported and no apis available , Will it be available in Future ? Needed some help here.

Our MDM server is hosted with our enterprise. All the devices pass through the proxy & firewall server to reach it. Due to some misconfiguration, our proxy server responded with 401 to all the requests. Later we noticed that the MDM profile is missing from some of the devices. On checking with the MDM team, they forwarded us to Apple documents saying this is out of their control and 401 response would remove MDM profile. Could this be handled in such a way that, MDM server could have some control over this, say only MDM server can send 401 to remove the profile. Has anyone faced this. Any help this would be appreciated.

What were you doing on the device just before the crash occurred? Pushed an App update for the autonomous kiosk enabled mode via MDM Which of the following did you encounter on-screen when the system crash occurred Stuck on Black Screen (Had to Force Reboot device) Steps to Reproduce: Created two versions of the enterprise app, which will enter guided access mode on launch. With MDM, we have created a Autonomous Kiosk Profile with the app(say Version 1) we created and pushed the profile to the device . Checked that the profile payload is in correct format . On Launching the App , the device enters kiosk mode and i was unable to exit the app (Expected Behaviour). Other Functionalities of the app worked good. Now pushed another enterprise app of higher version (say Version 2) . Actual Behaviour : App got to background and app is seen to updating with a loading symbol over it. After App got successfully updated, App Launches and done. The Device hangs. Cant touch anything or move to background or lock the screen. I could only get back the device only after starting remote Restart command from MDM. Expected Behaviour : On App update , App should get updated and then App should be again relaunched automatically on successful update . System shouldn’t be freezed. can anyone help me with this case? Whether this is the behaviour or anything to add in guided access enabled app? Thanks in Advance

Description: From MDM, the InstalledApplicationList command is sent to device for querying the list of Installed Apps. Some apps doesn't have version(both Version & ShortVersion) in the response. But the "Installing" key is false for them which should mean that the app is already Installed. But the app version is not available in the response. Also, for these apps without app version, the "IsValidated" key gives "false" value. But these apps are installed on the device. Kindly help us understand about this case. Sample Response of InstalledApplicationList: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstalledApplicationList</string> <key>InstalledApplicationList</key> <array> <dict> <key>AdHocCodeSigned</key> <false/> <key>AppStoreVendable</key> <false/> <key>BetaApp</key> <false/> <key>BundleSize</key> <integer>135618560</integer> <key>DeviceBasedVPP</key> <true/> <key>ExternalVersionIdentifier</key> <integer>850215498</integer> <key>HasUpdateAvailable</key> <false/> <key>Identifier</key> <string>net.whatsapp.WhatsApp</string> <key>Installing</key> <false/> <key>IsValidated</key> <false/> <key>Name</key> <string>‎WhatsApp</string> </dict> <dict> <key>AdHocCodeSigned</key> <false/> <key>AppStoreVendable</key> <false/> <key>BetaApp</key> <false/> <key>BundleSize</key> <integer>185229312</integer> <key>DeviceBasedVPP</key> <true/> <key>ExternalVersionIdentifier</key> <integer>849733664</integer> <key>HasUpdateAvailable</key> <false/> <key>Identifier</key> <string>com.microsoft.azureauthenticator</string> <key>Installing</key> <false/> <key>IsValidated</key> <true/> <key>Name</key> <string>Authenticator</string> <key>ShortVersion</key> <string>6.5.98</string> <key>Version</key> <string>20</string> </dict> <dict> <key>AdHocCodeSigned</key> <false/> <key>AppStoreVendable</key> <false/> <key>BetaApp</key> <false/> <key>BundleSize</key> <integer>287129600</integer> <key>DeviceBasedVPP</key> <true/> <key>ExternalVersionIdentifier</key> <integer>849978495</integer> <key>HasUpdateAvailable</key> <false/> <key>Identifier</key> <string>com.microsoft.skype.teams</string> <key>Installing</key> <false/> <key>IsValidated</key> <false/> <key>Name</key> <string>Teams</string> </dict> <dict> <key>AdHocCodeSigned</key> <false/> <key>AppStoreVendable</key> <false/> <key>BetaApp</key> <false/> <key>BundleSize</key> <integer>213839872</integer> <key>DeviceBasedVPP</key> <true/> <key>ExternalVersionIdentifier</key> <integer>850097782</integer> <key>HasUpdateAvailable</key> <false/> <key>Identifier</key> <string>com.google.Maps</string> <key>Installing</key> <true/> <key>IsValidated</key> <false/> <key>Name</key> <string>Google Maps</string> </dict> <dict> <key>AdHocCodeSigned</key> <false/> <key>AppStoreVendable</key> <false/> <key>BetaApp</key> <false/> <key>BundleSize</key> <integer>43339776</integer> <key>DeviceBasedVPP</key> <true/> <key>ExternalVersionIdentifier</key> <integer>848157118</integer> <key>HasUpdateAvailable</key> <false/> <key>Identifier</key> <string>com.manageengine.mdm.iosagent</string> <key>Installing</key> <false/> <key>IsValidated</key> <true/> <key>Name</key> <string>ME MDM</string> <key>ShortVersion</key> <string>22.04.01</string> <key>Version</key> <string>1558</string> </dict> <dict> <key>AdHocCodeSigned</key> <false/> <key>AppStoreVendable</key> <false/> <key>BetaApp</key> <false/> <key>BundleSize</key> <integer>209174528</integer> <key>DeviceBasedVPP</key> <true/> <key>ExternalVersionIdentifier</key> <integer>848848517</integer> <key>HasUpdateAvailable</key> <false/> <key>Identifier</key> <string>us.zoom.videomeetings</string> <key>Installing</key> <false/> <key>IsValidated</key> <false/> <key>Name</key> <string>Zoom</string> </dict> </array> <key>Status</key> <string>Acknowledged</string> <key>UDID</key> <string>00000-000000-000000</string> </dict> </plist> Some apps with the issue in the given response:- net.whatsapp.WhatsApp, com.microsoft.skype.teams, us.zoom.videomeetings, etc.

Description: An app update of a app store app or a enterprise app is pushed from MDM using "InstallApplication" command to an iOS device. The app is opened in foreground when an update is pushed. The device is supervised and the app is VPP purchased. When the command is sent to device, the app doesn't update automatically and shows a prompt to update the app. Kindly help us understand this case. Sample InstallApplication Request: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Sample=000000</string> <key>Command</key> <dict> <key>RequestType</key> <string>InstallApplication</string> <key>iTunesStoreID</key> <integer>1113153706</integer> <key>InstallAsManaged</key> <true/> <key>ManagementFlags</key> <integer>5</integer> <key>Options</key> <dict> <key>PurchaseMethod</key> <integer>1</integer> </dict> <key>ChangeManagementState</key> <string>Managed</string> </dict> </dict> </plist> Sample InstallApplication Response: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Sample=000000</string> <key>Identifier</key> <string>com.microsoft.skype.teams</string> <key>State</key> <string>PromptingForUpdate</string> <key>Status</key> <string>Acknowledged</string> <key>UDID</key> <string>0000-000000-0000</string> </dict> </plist>

Issue Description: Apps that support both iOS and tvOS can have different versions in App Store for each type(iOS and tvOS) but same Bundle Identifier and iTunesStoreID/trackID. For example, the iOS version of YouTube has the latest version in App Store as 17.30.3 the tvOS version of YouTube has the latest version in App Store as 2.07.01 This can be verified from two by two specific iTunes look Up API as shown below https://itunes.apple.com/lookup?id=544007664 https://itunes.apple.com/lookup?id=544007664&entity=tvSoftware Sample contentMetadataLookup URL: https://uclient-api.itunes.apple.com/WebObjects/MZStorePlatform.woa/wa/lookup?version=2&id=544007664&p=mdm-lockup&caller=MDM&platform=enterprisestore&cc=us&l=en Queries: What should we do to get the tvOS specific version of an app in contentMetadataLookup URL? The trackViewURL doesn't show tvOS specific version history of the app - https://apps.apple.com/us/app/youtube-watch-listen-stream/id544007664?platform=appleTV . How should we view this the apps' tvOS specific version history? Kindly help us with the queries.

Issue description: A custom app is purchased from ABM portal for a location token. The license for the custom app is assigned to device and the "InstallApplication" command is sent to device. But the device gives "Invalid Status Code" in its response. Sample InstallApplication Request: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Collection=1111</string> <key>Command</key> <dict> <key>RequestType</key> <string>InstallApplication</string> <key>iTunesStoreID</key> <integer>1639088235</integer> <key>InstallAsManaged</key> <true/> <key>ManagementFlags</key> <integer>5</integer> <key>Options</key> <dict> <key>PurchaseMethod</key> <integer>1</integer> </dict> <key>ChangeManagementState</key> <string>Managed</string> </dict> </dict> </plist> Sample InstallApplication Response: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Collection=1111</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>301</integer> <key>ErrorDomain</key> <string>AMSErrorDomain</string> <key>LocalizedDescription</key> <string>Invalid Status Code</string> </dict> </array> <key>RejectionReason</key> <string>Other</string> <key>State</key> <string>Failed</string> <key>Status</key> <string>Error</string> <key>UDID</key> <string>0000-0000-XXXX-XXXX-000000XXXX</string> </dict> </plist> The App store region of the device and the custom app are same. But the app is installing the device. Kindly help us with this issue

Hi Community, We are happy to see how apple is committed towards making the true Single Sign On Experience and provide Seamless user experience. Hence We have been testing around The ExtensibleSingleSignOn profile specific payload using the Extension provided by Microsoft for Azure AD called CompanyPortal for macOS and Authenticator App for iOS respectively in both we have tried to deny the SSO flow for some native apps like Excel and Word, by specifying their bundle id's in key "DeniedBundleIdentifiers" provided in ExtensibleSingleSignOn profile. Even though we specify, these Apps seems to go with SSO flow and have not prompted for any credentials. May I know what is the behaviour of the key "DeniedBundleIdentifiers" and why in this case didn't block the SSO flow? And also to have some Knowledge on it. Is it the responsibility of the Extensions to block the Redirection from these Apps or the responsibility of Apple?

In VPP License Mgmt 2.0.0+ API endpoint for creating users - (POST https://vpp.itunes.apple.com/mdm/v2/users/create), what is the use of "email" & "managedAppleId" - keys? We are able to accept the invitation link in any apple id other than the one given during creation of user. Kindly help us understand the purpose of these two keys and how they should be used (separately/together).

Issue Description : Incase, if the app version for the iOS and iPadOS differs like iOS and tvOS how can we get the iPadOS app details in ContentMetaDataLookUp API.  sample contentMetadataURL for iOS : https://uclient-api.itunes.apple.com/WebObjects/MZStorePlatform.woa/wa/lookup?version=2&id=544007664&p=mdm-lockup&caller=MDM&platform=enterprisestore&cc=us&l=en Kindly help us with this case.

When we use Migration Assistant to transfer data from one machine to another or when restoring a backup, it breaks the MDM enrollment. Upon checking, we found that as the Identity Certificate in the KeyChain isn't available, the MDM agent is unable to initiate the communication. Is there any way to avoid behavior like this? Thanks in Advance.