Post

Replies

Boosts

Views

Activity

Verify/Set Recovery lock acknowledgment issues
VerifyRecoveryLockResponse - in this response, we do not get a key as VerifyRecoveryLock like its seen in VerifyFirmwarePasswordResponse where we get a key as VerifyFirmwarePassword. So should we rely only on the commanduuid to map to type of response and handle result accordingly for this type? <dict> <key>CommandUUID</key> <string>08b5bfb1-b547-43b4-b453-340a0dadeb7d</string> <key>PasswordVerified</key> <true/> <key>Status</key> <string>Acknowledged</string> <key>UDID</key> <string>B29422F1-756E-5370-966E-3A6E9E969096</string> </dict> . SetRecoveryLockResponse - in this response also we do not get a key to identify acknowledgement as 'SetRecoveryLockResponse' ( but we can identify with the CommandUUID) . we do not have any field as 'PasswordChanged' to confirm if its already changed like we have for SetFirmwarePasswordResponse. <dict> <key>CommandUUID</key> <string>d19f5ac9-31be-4cd9-9e20-0b034108855a</string> <key>Status</key> <string>Acknowledged</string> <key>UDID</key> <string>B29422F1-756E-5370-966E-3A6E9E969096</string> </dict> even though we could compare commanduuid, it would have been better if we also get the
0
0
540
Aug ’21
MDM client(device) is ignoring the query params as part of auth challenge url
In new Userenrollment flow (Account driven User enrollment), we are challenging the authentication by sending authentication URL which has a query parameter source=NATIVE as below : WWW-Authenticate: Bearer method="apple-as-web", url="https://ourauthserverdomain.com/ireg/index.html?source=NATIVE but when device makes the request to this url when it opens the webview it is ignoring query parameter sent from server (here, source=NATIVE).
1
0
655
Aug ’21
Account driven UserEnrollment - Device info request body parsing issue
We are trying out Account Driven User Enrollment feature. Device is expected to send the device info(plist) (snippet below) during User enrolment in new flow as part of profile download request. Device is sending with HTTP request content type as "application/x-www-form-urlencoded", because of this HTTP request content type, we are not able to read the body as stream of bytes and parse the xml. In comparison to usual device enrolment workflow device info gets posted with the http request content-type  as "application/pkcs7-signature" which has been working fine without any issues. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>LANGUAGE</key> <string>en-US</string> <key>PRODUCT</key> <string>iPhone10,2</string> <key>VERSION</key> <string>19A222</string> </dict> </plist> Can you please confirm if this is an issue from Apple side? Any suggestions around this?
1
0
784
Aug ’21
Anomalies in behaviour for allowed / blocked apps on iOS 14.x & iOS 15
We are observing few issues when allow / block list of apps restriction is pushed to iOS 14.5 & iOS 15 devices. Below are the list of issues: System apps are not accessible from Device Layout when a specific non-system app bundle id is added to allowed list. This behaviour is seen both on iOS 14.x & 15. For example calendar, notes, email apps are missing but apps like feedback assistant, whether widgets are seen. When any app is added to blocked app list, all system apps are missing in layout iOS15 but are accessible from App Library. Where as on iOS 14.5 system apps are displayed on Device Layout & App Library even when a particular non-system app is added to blocked app list. On device retirement from MDM, all the apps are not reappearing on the Device layout if allowed / blocked app list was earlier distributed. Only upon uninstall of another app all the apps reappear. When Allowed & Blocked apps list restrictions are sent to device only Web Clip apps are present on Device Layout. Please direct to the right documentation which can confirm the right behaviour of these restrictions on the device.
0
0
576
Aug ’21
Does WebContentFilter allow multiple or single payload
As per the Web content filter payload documentation at https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf page#106, it allows multiple payloads. But as per the latest document https://developer.apple.com/documentation/devicemanagement/webcontentfilter?changes=latest_major, it does not allow multiple payloads. Can we get answers for the below queries? What is the current expected behaviour WRT to multi /single payloads for web content payload on iOS and macOS? If the functionality is changed to single payload from multiple payloads, from which iOS and macOS versions is this change effective? If multiple payloads were earlier accepted and the device is updated to a version where only single payload is allowed, how does device prioritise/ merge the payloads during update?
1
0
660
May ’21
iOS : Validation of revoked certificates
We sent certificate revocation payload documented at https://developer.apple.com/documentation/devicemanagement/certificaterevocation to iOS device. On the device, the "Certificate Revocation Configuration" is listed but do not see any effect of this revocation. We revoked the certificate of a website and tried to access it from Safari. The access is not blocked. How can we check that the certificates are actually revoked?
0
0
531
May ’21
what is the significance of iOSApp flag in installApplication command?
Without iosApp flag in the InstallApplication command we are able to install an iOS app in mac11 device.    https://developer.apple.com/documentation/devicemanagement/installapplicationcommand/command                As per doc, this flag has to be set to true so that ios app can be installed on mac device, but even without this flag ( default false), the iOS apps installation on MacOS 11 is successful. What is the significance of iOSApp flag?
0
0
574
May ’21
which iOS apps can be be installed on M1 devices?
Is there any metadata in ios apps that can be used to determine if an iOS app can be installed on M1 device? https://affiliate.itunes.apple.com/resources/documentation/itunes-store-web-service-search-api/ - metadata returned by this search API does not have any indication of whether the iOS app is applicable for macOS 11 or not? Ex: curl -s 'https://itunes.apple.com/lookupid=281796108&amp;amp;country=RU&amp;amp;l ang=en' O/p of the API response is attached. O/P of API of App that is also applicable on M1 - https://developer.apple.com/forums/content/attachment/53aab414-e2bc-4f67-a5e7-b82df6b6bd89
0
0
966
May ’21
file-type values in Dock.StaticItem.Tile-data
As per documentation at https://developer.apple.com/documentation/devicemanagement/dock/staticitem/tile-data, file-type is a required field and the possible values are 0, 1, 3. But in the file present on Mac device at ~/Library/preferences/com.apple.dock.plist, the values for file-type are 41, 40, 2, 1, 169. Can you please help with the valid possible values for the field file-type? And also please help with what each those values mean? Attached the dock preference file from Mac device. com.apple.dock.plist - https://developer.apple.com/forums/content/attachment/8f8e62a4-322b-45b1-a94d-643d8539589b
0
0
668
Mar ’21
Any risk with forceWiFiToAllowedNetworksOnly new ios14.5 restriction
Hi, in ios14.5 we have new restriction "forceWiFiToAllowedNetworksOnly". This limits device to only join Wi-Fi networks set-up via configuration profile. If there is no valid wifi payload installed then this would stop communication with MDM server right? If so, is there any recommendation on how to handle this or whether there are any constraints to check and not send this recommendation if so?
1
0
834
Mar ’21