With iOS 14 devices we can see that Many MDM Commands Fails with error " Couldn’t communicate with a helper application." . This Error is more frequent in InstallApplication , InstallProfile command , but other MDM commads also face the same issue. I have attach sample response from some devices. We have seen this error in previous version of iOS but with iOS 14 these are very frequent. InstallApplication Errors <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Collection=51075000000853127</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>1005</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>Could not install app.</string> </dict> <dict> <key>ErrorCode</key> <integer>4097</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDID-UDID</string> </dict> </plist> <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Collection=33783000002227119</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>4099</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDIDUDIDUDID</string> </dict> </plist> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Collection=51075000000853127</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>1005</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>Could not install app.</string> </dict> <dict> <key>ErrorCode</key> <integer>4097</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDID-UDID</string> </dict> </plist> InstallProfile Errors <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>SingletonRestriction</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>4099</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDIDUDID</string> </dict> </plist> AvailableOSUpdate Error <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>AvailableOSUpdates</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>12050</integer> <key>ErrorDomain</key> <string>MCMDMErrorDomain</string> <key>LocalizedDescription</key> <string>The attempt to check for an available update failed.</string> <key>USEnglishDescription</key> <string>The attempt to check for an available update failed.</string> </dict> <dict> <key>ErrorCode</key> <integer>2214</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>Scan failed.</string> </dict> <dict> <key>ErrorCode</key> <integer>4097</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDIDUDIDUDID</string> </dict> </plist> ClearPasscode <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>ClearPasscode</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>701</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>The device’s passcode cannot be cleared.</string> </dict> <dict> <key>ErrorCode</key> <integer>4097</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDIDUDIDUDID</string> </dict> </plist>

Apple introduces MDM to subscribe to certain events in Apple business manager Apps and Books through specifying the URL in "notificationUrl" filed during client context command. What the best way to design it for a closed network MDM Server How does it work for MDM with a self-signed certificate or enterprise certificate? Will it cause any SSL issues?

We are experiencing issues with MDM Enrolled devices as the devices do not contact the MDM server randomly even on successful APNS notification. As documented by Apple, the device sends a Token update message when MDM Profile is installed in the device and whenever there is an OS update. We could see that device randomly loose connection with the MDM server over a period of time. We have verified that MDM sends notifications with the information received from the latest TokenUpdate from devices, however, few devices never seem to send token update messages to the MDM server nor respond to APNS wakeup. Currently, we are reinstalling MDM Profile in devices to trigger Token update again and to revive the device MDM contact. But as you can imagine for large enterprises this involves user intervention and becomes difficult to manage. It would be great if the Apple MDM team can clarify below What are the cases device sends TokenUpdate message to MDM What happens when the MDM server is not reachable during the first attempt of the Token update. As in many cases, the MDM server may not always be reachable to the device during OS update events etc. Is there any way to trigger Token update on iOS and macOS manually without reinstalling the MDM Profile again? It would be better designed if devices send Token updates often until it's acknowledged by MDM Server. Similar issues are reported in past: https://developer.apple.com/forums/thread/28918 https://developer.apple.com/forums/thread/671878

Hi , Is it possible to provide SHA256 in manifest URL to verify integrity in the client for deploying IPA files through MDM? Apple provides this option for macOS only and not for iOS according to protocol documentation and POC results. If it's not supported for iOS (ie.. IPA deployment), do we have any mechanisms to verify its integrity and how can we secure it?