We recently noticed that, In the TokenUpdate message from a MDM enrolled device, the PushMagic value is empty. The response from device is: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>MessageType</key> <string>TokenUpdate</string> <key>PushMagic</key> <string></string> <key>Token</key> <string>[redacted]</string> <key>Topic</key> <string>[redacted]</string> <key>UDID</key> <string>[redacted]</string> </dict> </plist> This is a MacBookPro9,2 with OS version 10.8.5. We would like to understand whether this is an issue. Or how to handle this.

We are experiencing issues on MDM enrolled devices where the SSL certificates are not trusted after the OS update. We use EnterpriseCA certificate in our server and pushed to devices during enrolment. But after OS update, the CA is missing from the ‘Certificate Trust settings’ in the device, but present under MDM profile. This make the devices to stop communicating with the server. For now we have manually installed the certificate on the devices and enabled full trust. But this involves user intervention and also end user can disable full trust anytime as the option is not greyed out, or remove the certificate from device. We would like to know if there is any other option to push the certificates without user intervention. And also the best practices to avoid this in future. Already we have seen this https://support.apple.com/en-in/HT212962 but it talks only about the Identity certificate. We would like to understand whether SSL certificates are also included in this.

We are trying to push a WiFi mobile config to a fleet of devices. Before mass deployment, we tried manually installing the WiFi mobile config in one Mac device. During manual profile installation It asks for a username-password. (Please see the image) I just click Install without providing anything. The device auto-joins with the WiFi, without asking for username and password We then pushed the same exact mobile config file via a MDM solution, and the profile installs fine. But the device doesn't auto-join the WiFi, and when I choose the WiFi network, it asks for a username and password, even though I have configured SystemModeCredentialsSource to be ActiveDirectory We have double-checked that there're no changes made to mobile config when deployed via MDM. Mobile Config: <dict> <key>AutoJoin</key> <true/> <key>SetupModes</key> <array> <string>System</string> <string>Loginwindow</string> </array> <key>EAPClientConfiguration</key> <dict> <key>AcceptEAPTypes</key> <array> <integer>25</integer> <integer>21</integer> </array> <key>PayloadCertificateAnchorUUID</key> <array> <string>UUID_here</string> <string>UUID_here</string> <string>UUID_here</string> </array> <key>TTLSInnerAuthentication</key> <string>MSCHAPv2</string> <key>SystemModeCredentialsSource</key> <string>ActiveDirectory</string> </dict> <key>EncryptionType</key> <string>WPA2</string> <key>HIDDEN_NETWORK</key> <false/> <key>PayloadDescription</key> <string>Configures Wi-Fi settings</string> <key>PayloadDisplayName</key> <string>Wi-Fi</string> <key>PayloadIdentifier</key> <string>com.test.wifi1</string> <key>PayloadType</key> <string>com.apple.wifi.managed</string> <key>PayloadUUID</key> <string>UUID_here</string> <key>PayloadVersion</key> <integer>1</integer> <key>SSID_STR</key> <string>Test</string> </dict> As a trial and error, We tried providing empty username-password and false to OneTimeUserPassword, in the EAPClientConfiguration, but still when connecting to the WiFi, I'm prompted for username and password. <key>OneTimeUserPassword</key> <false/> <key>UserName</key> <string></string> <key>UserPassword</key> <string></string> We are stuck in this for days. Any help would be appreciated. Please free feel to ask for more details if needed. Thanks in advance.

I have an issue where app store app deployed to devices in MDM with App lock policy profile is not updating when the update is pushed from MDM. Instruction: Enroll the device(AppleTVs) in MDM, then apply App Lock profile with any one app store app to the device. After profile is applied successfully and the app is installed, try to push an update for the app from MDM to the device Expected Result: The app must be updated to the newer version. Actual Result: The app doesn't update in the device.

Hi, We recently noticed that the following Macbook models have the same Model Identifier: MacBook Air (13-inch, Early 2015) MacBook Air (13-inch, 2017) Model Identifier: MacBookAir7,2. Source It causes a little confusion to know what model a device is. Is there any other key available in MDM's DeviceInformation to distinguish different Macbook models? Thanks in advance.

We are unable to find a key in the MDM's Device information query response that tells us whether a mac uses T1 or T2 security chip. Is there a way to deduce this with the device information response we are already receiving? Thank you.

Apple had deprecated some of the payload keys device management Profile Specific Payload instead they are given new keys for it blacklistedAppBundleIDs is deprecated and blockedAppBundleIDs added Apple Developer Doc Are deprecated and new keys are working on the upcoming iOS, iPadOS & Mac.? When are the deprecated keys going to not support permanently?

We have observed that Apple TV doesn't send Ethernet MAC information in DeviceInformation response. (Apple TV is connected to the Ethernet.)   We've confirmed that the following pre requisites are fulfilled on our side. The queries in Network information queries are available if the MDM host has a Network Information access right. Reference doc - https://developer.apple.com/business/documentation/MDM-Protocol-Reference.pdf &check; We have set the maximum access right available (8191).   EthernetMACs - The key to get the Ethernet MAC addresses. This value requires the Network Information access right, and is available in iOS 4 and later, and tvOS 6 and later. Reference doc - https://developer.apple.com/documentation/devicemanagement/deviceinformationcommand/command/queries. &check; The TV OS version of the device we are referring here is 14+. &check; The query dictionary contains the EthernetMACs key.   Is this supported for Apple TV devices as mentioned in the documentation? Please find the attached sample requests and responses.   ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keyCommandUUID/key stringDeviceInformation/string keyCommand/key dict keyRequestType/key stringDeviceInformation/string keyQueries/key array stringDeviceName/string stringOSVersion/string stringBuildVersion/string stringModelName/string stringModel/string stringProductName/string stringSerialNumber/string stringDeviceCapacity/string stringAvailableDeviceCapacity/string stringBatteryLevel/string stringCellularTechnology/string stringIMEI/string stringMEID/string stringModemFirmwareVersion/string stringICCID/string stringBluetoothMAC/string stringWiFiMAC/string stringCurrentCarrierNetwork/string stringSIMCarrierNetwork/string stringSubscriberCarrier-Network/string stringCarrierSettingsVersion/string stringPhoneNumber/string stringVoiceRoamingEnabled/string stringDataRoamingEnabled/string stringIsRoaming/string stringSubscriberMCC/string stringSubscriberMNC/string stringCurrentMCC/string stringCurrentMNC/string stringUDID/string stringIsSupervised/string stringIsDeviceLocatorServiceEnabled/string stringIsActivationLockEnabled/string stringIsDoNotDisturbInEffect/string stringiTunesStoreAccountIsActive/string stringEASDeviceIdentifier/string stringEthernetMACs/string stringPersonalHotspotEnabled/string stringLastCloudBackupDate/string stringIsCloudBackupEnabled/string stringIsMDMLostModeEnabled/string stringServiceSubscriptions/string stringLanguages/string stringLocales/string stringDeviceID/string stringOrganizationInfo/string stringAwaitingConfiguration/string stringMDMOptions/string stringiTunesStoreAccountHash/string stringSIMMCC/string stringSIMMNC/string stringOSUpdateSettings/string stringLocalHostName/string stringHostName/string stringCatalogURL/string stringIsDefaultCatalog/string stringPreviousScanDate/string stringPreviousScanResult/string stringPerformPeriodicCheck/string stringAutomaticCheckEnabled/string stringBackgroundDownloadEnabled/string stringAutomaticAppInstallationEnabled/string stringAutomaticOSInstallationEnabled/string stringAutomaticSecurityUpdatesEnabled/string stringIsMultiUser/string stringMaximumResidentUsers/string stringPushToken/string stringDiagnosticSubmissionEnabled/string stringAppAnalyticsEnabled/string stringIsNetworkTethered/string /array /dict /dict /plist Response to this request ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict     keyCommandUUID/key     stringDeviceInformation/string     keyQueryResponses/key     dict         keyAwaitingConfiguration/key         false/         keyBluetoothMAC/key         stringxx:xx:xx:xx:xx:xx/string         keyBuildVersion/key         stringxxxxxxx/string         keyDeviceID/key         stringxx:xx:xx:xx:xx:xx/string         keyDeviceName/key         stringxxx/string         keyIsSupervised/key         true/         keyMDMOptions/key         dict/         keyModel/key         stringMR912LL/string         keyModelName/key         stringAppleTV/string         keyOSVersion/key         string14.0.2/string         keyProductName/key         stringAppleTV5,3/string         keySerialNumber/key         stringxxxxxxxxxx/string         keyUDID/key         stringxxxx/string         keyWiFiMAC/key         stringxx:xx:xx:xx:xx:xx/string         keyiTunesStoreAccountIsActive/key         false/     /dict     keyStatus/key     stringAcknowledged/string     keyUDID/key     stringxxx/string /dict /plist   Thank you.