Hi, We are developing a Network Extension Content Filter plugin, we are using the Apple Configurator 2 to create profiles that are installed on supervised devices. I the project has entitlements setup for Network Extensions and App Groups I have created a Content Filter payload with the appropriate data, ServerAddress, UserName and Password My goal here is to use credentials found in configuration profile to create credentials used in URLSession requests Now here is where I have gotten confused. I've read this post https://developer.apple.com/forums/thread/70806 this pointed me to use the keychain access groups. "I suspect you’re being bitten by keychain access groups. Security items installed via a configuration profile typically go into the com.apple.managed.vpn.shared access group" Then I have found the following: https://developer.apple.com/forums/thread/67613 but I am still confused. "This entitlement is only necessary if your VPN supports configuration via a configuration profile and needs to access credentials from that profile (as discussed in the Profile Configuration section of the NETunnelProviderManager Reference)." "Access to this keychain access group requires a special entitlement. If you need that entitlement, please open a DTS tech support incident and we will take things from there" Questions: Is it the same keychain for credentials for a Content Filter configured via configuration profile? Do I need to create a DTS tech support ticket to get keychain access? /Cheers Kristofer Linnestjerna

Why do I get a different version of the os version string from the hardened runtime? We have a cross platform mono app that we written some platform specific code for, mainly to get the version string from macOS the code reads the /System/Library/CoreServices/SystemVersion.plist and parses out ProductName and ProductUserVisibleVersion from the plist file. If I compare the to files, there are some different values. Big Sur Beta, running cat in terminal: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>ProductBuildVersion</key> <string>20A5395g</string> <key>ProductCopyright</key> <string>1983-2020 Apple Inc.</string> <key>ProductName</key> <string>macOS</string> <key>ProductUserVisibleVersion</key> <string>11.0</string> <key>ProductVersion</key> <string>11.0</string> <key>iOSSupportVersion</key> <string>14.2</string> </dict> </plist> Big Sur Beta, running inside the hardened runtime: <plist version="1.0"> <dict> <key>ProductBuildVersion</key> <string>20A5395g</string> <key>ProductCopyright</key> <string>1983-2020 Apple Inc.</string> <key>ProductName</key> <string>Mac OS X</string> <key>ProductUserVisibleVersion</key> <string>10.16</string> <key>ProductVersion</key> <string>10.16</string> <key>iOSSupportVersion</key> <string>14.2</string> </dict> </plist> my question is basically if this will change in the public release of Big Sur, or what other way is there to get the os version string that is more correct in a hardened runtime environment?