We are trying to connect macOS devices to Wi-Fi using a Wi-Fi configuration profile in MDM. The EAP type is PEAP - MSCHAPv2 with both System and LoginWindow setup modes enabled, but unfortunately devices are getting stuck in the connecting phase of the Wi-Fi without actually getting connected. We have also sent the sysdiagnose logs to Apple Feedback Assistant (Ref ID: FB9965644).
Please find the configuration we have used below:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>5f9c93d0-f2b4-45b2-9367-e65a52d1f1a9</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>MDM</string>
<key>PayloadIdentifier</key>
<string>com.mdm.0583c3c2-4fe2-414a-9bc6-87467f0fef02.MacOSWifi</string>
<key>PayloadDisplayName</key>
<string>Wifi_Corp</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>f962f11d-6524-4061-b93b-82975dd7512b</string>
<key>PayloadType</key>
<string>com.apple.wifi.managed</string>
<key>PayloadOrganization</key>
<string>MDM</string>
<key>PayloadIdentifier</key>
<string>f962f11d-6524-4061-b93b-82975dd7512b</string>
<key>PayloadDisplayName</key>
<string>Wifi Profile Configuration</string>
<key>SSID_STR</key>
<string>--SSID Over Here--</string>
<key>AutoJoin</key>
<true/>
<key>SetupModes</key>
<array>
<string>System</string>
<string>Loginwindow</string>
</array>
<key>HIDDEN_NETWORK</key>
<false/>
<key>EAPClientConfiguration</key>
<dict>
<key>AcceptEAPTypes</key>
<array>
<integer>21</integer>
<integer>25</integer>
</array>
<key>EAPFASTUsePAC</key>
<false/>
<key>EAPFASTProvisionPAC</key>
<false/>
<key>EAPFASTProvisionPACAnonymously</key>
<false/>
<key>UserName</key>
<string>---UserName Over here---</string>
<key>UserPassword</key>
<string>--Password Over here--</string>
<key>TTLSInnerAuthentication</key>
<string>MSCHAPv2</string>
<key>PayloadCertificateAnchorUUID</key>
<array>
<string>b68ceae9-5752-44a3-887c-4dd422428f3d</string>
</array>
</dict>
<key>EncryptionType</key>
<string>Any</string>
<key>ProxyType</key>
<string>None</string>
</dict>
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>b68ceae9-5752-44a3-887c-4dd422428f3d</string>
<key>PayloadType</key>
<string>com.apple.security.root</string>
<key>PayloadOrganization</key>
<string>MDM</string>
<key>PayloadIdentifier</key>
<string>b68ceae9-5752-44a3-887c-4dd422428f3d</string>
<key>PayloadDisplayName</key>
<string>iOS Certificate Policy</string>
<key>PayloadContent</key>
<data>
-----Trust Certificate Data Here---
</data>
<key>PayloadCertificateFileName</key>
<string>----Certificate file name.cer----</string>
</dict>
</array>
</dict>
</plist>
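A pre-deployment consistency check for a profile shaped like the one above, as an added example that is not part of the original post: it confirms that every PayloadCertificateAnchorUUID resolves to a certificate payload in the same profile and lists accepted EAP types beyond the intended one. The function names, the `intended_eap` parameter and the sample UUIDs are assumptions made for illustration.

```python
import plistlib

EAP_NAMES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}
CERT_TYPES = ("com.apple.security.root", "com.apple.security.pkcs1", "com.apple.security.pem")
CERT_UUID = "11111111-1111-1111-1111-111111111111"  # constructed sample value

def check_wifi_profile(profile_bytes, intended_eap=frozenset({25})):
    """Return a list of findings for every 802.1X Wi-Fi payload in the profile."""
    profile = plistlib.loads(profile_bytes)
    payloads = profile.get("PayloadContent", [])
    cert_uuids = {p.get("PayloadUUID") for p in payloads if p.get("PayloadType") in CERT_TYPES}
    findings = []
    for p in payloads:
        eap = p.get("EAPClientConfiguration")
        if p.get("PayloadType") != "com.apple.wifi.managed" or eap is None:
            continue
        # EAP types accepted in addition to the one the deployment intends to use
        for t in eap.get("AcceptEAPTypes", []):
            if t not in intended_eap:
                findings.append(f"extra EAP type accepted: {t} ({EAP_NAMES.get(t, 'unknown')})")
        # Each anchor UUID must be the PayloadUUID of a certificate payload in this profile
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        for u in anchors:
            if u not in cert_uuids:
                findings.append(f"anchor {u} matches no certificate payload in this profile")
        if not anchors and not eap.get("TLSTrustedServerNames"):
            findings.append("no trust anchor or trusted server name: server certificate is not pinned")
    return findings

def build_sample(anchor_uuid):
    # Constructed profile with the same shape as the posted one; every value is a placeholder.
    wifi = {"PayloadType": "com.apple.wifi.managed",
            "PayloadUUID": "22222222-2222-2222-2222-222222222222",
            "SSID_STR": "ExampleSSID",
            "EAPClientConfiguration": {"AcceptEAPTypes": [21, 25],
                                       "PayloadCertificateAnchorUUID": [anchor_uuid]}}
    cert = {"PayloadType": "com.apple.security.root", "PayloadUUID": CERT_UUID,
            "PayloadContent": b"constructed-certificate-bytes"}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadContent": [wifi, cert]})

if __name__ == "__main__":
    for finding in check_wifi_profile(build_sample("00000000-0000-0000-0000-000000000000")):
        print(finding)
```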
Description:
From MDM, the InstalledApplicationList command is sent to the device to query the list of installed apps. Some apps don't have a version (both Version and ShortVersion) in the response. But the "Installing" key is false for them, which should mean that the app is already installed. But the app version is not available in the response. Also, for these apps without an app version, the "IsValidated" key gives a "false" value. But these apps are installed on the device. Kindly help us understand this case.
Sample Response of InstalledApplicationList:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>InstalledApplicationList</string>
<key>InstalledApplicationList</key>
<array>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>135618560</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>850215498</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>net.whatsapp.WhatsApp</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<false/>
<key>Name</key>
<string>WhatsApp</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>185229312</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>849733664</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>com.microsoft.azureauthenticator</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<true/>
<key>Name</key>
<string>Authenticator</string>
<key>ShortVersion</key>
<string>6.5.98</string>
<key>Version</key>
<string>20</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>287129600</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>849978495</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>com.microsoft.skype.teams</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<false/>
<key>Name</key>
<string>Teams</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>213839872</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>850097782</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>com.google.Maps</string>
<key>Installing</key>
<true/>
<key>IsValidated</key>
<false/>
<key>Name</key>
<string>Google Maps</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>43339776</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>848157118</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>com.manageengine.mdm.iosagent</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<true/>
<key>Name</key>
<string>ME MDM</string>
<key>ShortVersion</key>
<string>22.04.01</string>
<key>Version</key>
<string>1558</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false/>
<key>AppStoreVendable</key>
<false/>
<key>BetaApp</key>
<false/>
<key>BundleSize</key>
<integer>209174528</integer>
<key>DeviceBasedVPP</key>
<true/>
<key>ExternalVersionIdentifier</key>
<integer>848848517</integer>
<key>HasUpdateAvailable</key>
<false/>
<key>Identifier</key>
<string>us.zoom.videomeetings</string>
<key>Installing</key>
<false/>
<key>IsValidated</key>
<false/>
<key>Name</key>
<string>Zoom</string>
</dict>
</array>
<key>Status</key>
<string>Acknowledged</string>
<key>UDID</key>
<string>00000-000000-000000</string>
</dict>
</plist>
Some apps with the issue in the given response: net.whatsapp.WhatsApp, com.microsoft.skype.teams, us.zoom.videomeetings, etc.
Topic:
Business & Education
SubTopic:
General
Tags:
Apple Business Manager
Business and Enterprise
Device Management
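To separate the three cases visible in the response above (versioned, still installing, and installed but without any version), an MDM server could classify the entries as below. This is an added example, not part of the original post; the function names and group labels are assumptions, and the sample response is constructed from four of the posted entries.

```python
import plistlib

def classify_installed_apps(response_bytes):
    """Group InstalledApplicationList entries by how usable their version data is."""
    response = plistlib.loads(response_bytes)
    if response.get("Status") != "Acknowledged":
        raise ValueError(f"unexpected Status: {response.get('Status')!r}")
    groups = {"versioned": [], "installing": [], "installed_no_version": []}
    for app in response.get("InstalledApplicationList", []):
        ident = app.get("Identifier", "<no identifier>")
        has_version = bool(app.get("Version") or app.get("ShortVersion"))
        if has_version:
            groups["versioned"].append(ident)
        elif app.get("Installing", False):
            # No version yet is expected while the install is still in progress
            groups["installing"].append(ident)
        else:
            # The case from the post: reported as installed, but no version keys.
            # IsValidated is kept so the correlation described there stays visible.
            groups["installed_no_version"].append((ident, app.get("IsValidated")))
    return groups

def build_sample():
    # Constructed response reusing identifiers and flag values from the posted sample.
    def app(ident, installing, validated, **version):
        return {"Identifier": ident, "Installing": installing,
                "IsValidated": validated, **version}
    return plistlib.dumps({
        "CommandUUID": "InstalledApplicationList",
        "Status": "Acknowledged",
        "UDID": "00000-000000-000000",
        "InstalledApplicationList": [
            app("net.whatsapp.WhatsApp", False, False),
            app("com.microsoft.azureauthenticator", False, True,
                ShortVersion="6.5.98", Version="20"),
            app("com.google.Maps", True, False),
            app("us.zoom.videomeetings", False, False),
        ],
    })

if __name__ == "__main__":
    for group, members in classify_installed_apps(build_sample()).items():
        print(group, members)
```

Entries in `installed_no_version` cannot be matched against a minimum-version policy, so an inventory job should report them separately rather than treating them as compliant.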
Issue Description:
Licenses Expiring - The licenses for [app_name] and 'x' other applications will expire in 'n' days.
The given App Store notification is displayed on many iPad devices. All the apps for which the notification is shown are purchased from ABM (VPP apps). The licenses are still assigned to devices and are not revoked, which is made sure from the VPP API. The VPP token is also not nearing expiration and it has more than 6 months until expiry.
Screenshot of the notification is attached below.
Kindly help us with the reason for this behavior.
Topic:
App Store Distribution & Marketing
SubTopic:
General
Tags:
App Store
Apple Business Manager
Business and Enterprise
Device Management
Hello All,
We are looking to implement the ACME protocol for our organization's PKI and as of now, we are trying out the demo ACME server hosted here. So far, we had a minor piece of luck in getting it to work properly twice, but after that, it errors out every time. This is the payload we are using:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>ClientIdentifier</key>
<string>123123123123123123123</string>
<key>ExtendedKeyUsage</key>
<array>
<string>1.3.6.1.5.5.7.3.2</string>
</array>
<key>HardwareBound</key>
<true/>
<key>KeySize</key>
<integer>384</integer>
<key>KeyType</key>
<string>ECSECPrimeRandom</string>
<key>KeyUsage</key>
<integer>5</integer>
<key>PayloadIdentifier</key>
<string>com.example.test</string>
<key>PayloadType</key>
<string>com.apple.security.acme</string>
<key>PayloadUUID</key>
<string>sdf-feec-4171-878d-34e576bbb813</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Subject</key>
<array>
<array>
<array>
<string>C</string>
<string>US</string>
</array>
</array>
<array>
<array>
<string>O</string>
<string>Example Inc.</string>
</array>
</array>
<array>
<array>
<string>CN</string>
<string>test</string>
</array>
</array>
</array>
<key>SubjectAltName</key>
<dict>
<key>dNSName</key>
<string>site.example.com</string>
</dict>
<key>DirectoryURL</key>
<string>https://ca.attestation.dev/acme/acme/directory</string>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>ACME</string>
<key>PayloadIdentifier</key>
<string>com.example.test</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>ce876f81-abf0-46f9-9e68-9b3a7ede8097</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
We get the below errors from the ACME server:
order status is "pending", not yet "valid"
order status is "ready", not yet "valid"
Any insights on what we are doing wrong could be helpful. Thanks in advance.
Topic:
Business & Education
SubTopic:
Device Management
Tags:
wwdc2022-10143
Device Management
App Attest
Pre-note: This issue is not reliably reproducible. We can't find its source. It occurs randomly on devices.
Step 1: After enrolling the device in MDM, try to send a clear passcode command to the device.
Command:
There will be a response from the device in the below format:
Response:
On checking the MDM Protocol Reference - Protocol Ref
I am only able to see "5013 Cannot clear passcode" with respect to this issue. Other than that, nothing can be seen in any Apple docs either.
We don't know why this issue occurs, and it is resolved after any pending OS update or re-enrolling devices to MDM. Is there any suggestion regarding this, and why does this happen for random devices?
Problem Description:
We are associating 1000 devices to 25 apps using Associate Assets API - https://vpp.itunes.apple.com/mdm/v2/assets/associate
We find the association completion state in two ways.
Method 1:
Using Event Status API - https://vpp.itunes.apple.com/mdm/v2/status
We test the success state of the event by continuously polling the Event Status API until it provides COMPLETE/FAILURE in eventStatus.
For the above association, the time taken for the event status to give COMPLETE/FAILURE status for the above API is 30 seconds.
Improvement Needed: A new notification type can be introduced so that on association event completion, the notification request could return the event status response to the MDM server without the need to poll the Event Status API from MDM.
Method 2: By subscribing to the ASSET_MANAGEMENT notification
On subscribing to the ASSET_MANAGEMENT notification in the clientConfig API - https://vpp.itunes.apple.com/mdm/v2/client/config, the asset management notification request is enabled.
"notificationTypes": [
"ASSET_MANAGEMENT"
]
On performing the association, each notification request reaches the MDM server with a response in batches of 100 devices per 1 app.
Hence, more than 250 notification requests (including duplicate requests) reach the MDM server. This takes around 5 mins to finish providing the association results.
Improvement Needed: The 100 devices status per 1 app for one notification request could be increased to make fewer notification requests, hence improving the time to receive the association response.
Hence, currently Method 1 (using the Event Status API) provides the association completion response sooner than Method 2 (Notifications). So, providing a notification type to subscribe to for event status could reduce the long time taken to provide all association responses in the ASSET_MANAGEMENT notification and eliminate the need to poll event status from MDM. Kindly consider this request.
Topic:
Business & Education
SubTopic:
General
Tags:
Apple Business Manager
Business and Enterprise
Device Management
wwdc2022-10045
On a supervised device running iOS 18 without any AirDrop restrictions applied, when a profile with the allowListedAppBundleIDs restriction key is installed, the AirDrop sound plays. But still the accept prompt does not appear, making it impossible to accept files.
The prompt works as expected on iOS 18 devices to which the allowListedAppBundleIDs restriction is not installed.
This issue occurs only on supervised iOS 18 devices to which the allowListedAppBundleIDs restriction is being applied.
Device must be on iOS 18 > Install the (allowListedAppBundleIDs restriction) profile on the device > Try to AirDrop files to the managed device.
The expected result is that the accept prompt must pop up but it does not appear.
This issue is occurring irrespective of any whitelisted bundle ID being added to the allowListedAppBundleIDs restriction profile.
Have attached a few whitelisted bundle IDs here: com.talentlms.talentlms.ios.beta, com.maxaccel.safetrack, com.manageengine.mdm.iosagent, com.apple.weather, com.apple.mobilenotes, gov.dot.phmsa.erg2, com.apple.calculator, com.manageengine.mdm.iosagent, com.apple.webapp, com.apple.CoreCDPUI.localSecretPrompt etc.
Have raised a Feedback request (FB15709399) with sysdiagnose logs and a short video on the issue.
Topic:
Business & Education
SubTopic:
Device Management
Tags:
Enterprise
Device Management
Managed Settings
We are facing issues in the VPP Client Configuration API (POST: https://vpp.itunes.apple.com/mdm/VPPClientConfigSrv).
For some VPP tokens, the "clientContext" key in the response says "token being used in v2" instead of giving a proper clientContext. These VPP tokens aren't actually added in any other MDM than ours. But it gives this as the response. Also, we didn't use the new API for setting VPP Client Configuration either. We are seeing this issue for some VPP tokens at random. We would like to understand this behaviour in VPP tokens.