We are investigating whether eSIM activation is possible.
Do you know how to set the SM-DP+ address, activation, and confirmation code?
I referred to the following, but I did not know how to set the activation code.
https://developer.apple.com/documentation/devicemanagement/refreshcellularplanscommand/command
There is an item for EnforceRoutes in the following URL:
https://developer.apple.com/documentation/devicemanagement/vpn/ikev2?changes=latest_minor
I don't quite understand "If true, all the VPN's non-default routes take precedence over any locally defined routes." in the function description of this item.
I would appreciate it if you could let me know how I can check this.
I am sending DeclarativeManagement with the MDM command, but it seems that it is not valid even if I send it to declaration-items.
What can you think of?
iOS 16
MDM Command
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Command</key>
  <dict>
    <key>Data</key>
    <data>
    eyJTeW5jVG9rZW5zIjp7IlRpbWVzdGFtcCI6IjIwMjMtMTAtMThUMTE6MDY6MDJaIiwi
    RGVjbGFyYXRpb25zVG9rZW4iOiJiNjU0NDAyN2EzMTVjZDAwODVkNGNmMDgxNzQ2MjRj
    MmQxNDI0NDQ4MDQzMGE4N2IxNzZhMjcyN2U3MzY2MDA5In19
    </data>
    <key>RequestType</key>
    <string>DeclarativeManagement</string>
  </dict>
  <key>CommandUUID</key>
  <string>3398d0c0-8b36-4647-86ab-6a63f26d1576</string>
  <key>UDID</key>
  <string>XXXXXXX-ZZZZZZZZZZZZZz</string>
</dict>
</plist>
declaration-items Response (JSON)
{
  "DeclarationsToken": "1429e356-c51a-42a3-aff2-22963df30202",
  "Declarations": {
    "Assets": [],
    "Management": [
      {
        "Type": "com.apple.management.organization-info",
        "Identifier": "e07d18d6-4ec6-432a-b474-9b8816d029a2",
        "ServerToken": "4922d69c-c231-426d-9598-c3acb612069e",
        "Payload": {
          "Email": "email@example.com",
          "Name": "Acme Inc",
          "URL": "https://www.example.com"
        }
      }
    ],
    "Configurations": [
      {
        "Type": "com.apple.configuration.legacy",
        "Identifier": "84fe24b1-ac21-4a29-b279-70f715b3ac82",
        "ServerToken": "0283b145-5791-4d7a-8a8e-7690e3a6db98",
        "Payload": {
          "ProfileURL": "https://gist.githubusercontent.com/jessepeterson/5a633f627bfc23f74153add89aee07f1/raw/f27458e05fd01b8ff9e7872a54aa2d543131afaa/cert-profile.mobileconfig"
        }
      },
      {
        "Type": "com.apple.configuration.passcode.settings",
        "Identifier": "1f0ce810-6c6b-4021-86ae-2844396e58f8",
        "ServerToken": "791e16ff-2011-4468-a201-de531d0c2326",
        "Payload": {
          "RequirePasscode": true,
          "RequireComplexPasscode": false,
          "RequireAlphanumericPasscode": false
        }
      },
      {
        "Type": "com.apple.configuration.management.status-subscriptions",
        "Identifier": "004b8c95-3500-4ac8-9480-54311a462929",
        "ServerToken": "888a4935-ef8d-4286-8c39-776fd8675f57",
        "Payload": {
          "StatusItems": [
            { "Name": "device.identifier.serial-number" },
            { "Name": "device.identifier.udid" },
            { "Name": "device.model.family" },
            { "Name": "device.model.identifier" },
            { "Name": "device.model.marketing-name" },
            { "Name": "device.operating-system.build-version" },
            { "Name": "device.operating-system.family" },
            { "Name": "device.operating-system.marketing-name" },
            { "Name": "device.operating-system.supplemental.build-version" },
            { "Name": "device.operating-system.supplemental.extra-version" },
            { "Name": "device.operating-system.version" },
            { "Name": "mdm.app" },
            { "Name": "passcode.is-compliant" },
            { "Name": "passcode.is-present" },
            { "Name": "test.array-value" },
            { "Name": "test.boolean-value" },
            { "Name": "test.dictionary-value" },
            { "Name": "test.error-value" },
            { "Name": "test.integer-value" },
            { "Name": "test.real-value" },
            { "Name": "test.string-value" }
          ]
        }
      }
    ],
    "Activations": [
      {
        "Type": "com.apple.activation.simple",
        "Identifier": "90cb68bc-c37d-40cc-8cef-b462947329b2",
        "ServerToken": "26985dc4-b0a0-43ef-afae-6ad3e89d5b9d",
        "Payload": {
          "StandardConfigurations": [
            "e07d18d6-4ec6-432a-b474-9b8816d029a2",
            "84fe24b1-ac21-4a29-b279-70f715b3ac82",
            "1f0ce810-6c6b-4021-86ae-2844396e58f8",
            "004b8c95-3500-4ac8-9480-54311a462929"
          ]
        }
      }
    ]
  }
}
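A consistency check over the two artifacts in the post above, as an added example that is not part of the original post or of Apple's tooling: it decodes the command's Data field into its SyncTokens and cross-checks them against the declaration-items response. It assumes the two DeclarationsToken values are meant to agree and that StandardConfigurations should name declarations listed under Configurations; ITEMS is a reduced copy of the posted response, and decode_sync_tokens and check_items are hypothetical helper names.

```python
import base64
import json

# Data value copied from the DeclarativeManagement command posted above.
COMMAND_DATA = (
    "eyJTeW5jVG9rZW5zIjp7IlRpbWVzdGFtcCI6IjIwMjMtMTAtMThUMTE6MDY6MDJaIiwi"
    "RGVjbGFyYXRpb25zVG9rZW4iOiJiNjU0NDAyN2EzMTVjZDAwODVkNGNmMDgxNzQ2MjRj"
    "MmQxNDI0NDQ4MDQzMGE4N2IxNzZhMjcyN2U3MzY2MDA5In19"
)
# declaration-items response posted above, reduced to identifiers (constructed copy).
ITEMS = {
    "DeclarationsToken": "1429e356-c51a-42a3-aff2-22963df30202",
    "Declarations": {
        "Management": [{"Identifier": "e07d18d6-4ec6-432a-b474-9b8816d029a2"}],
        "Configurations": [
            {"Identifier": "84fe24b1-ac21-4a29-b279-70f715b3ac82"},
            {"Identifier": "1f0ce810-6c6b-4021-86ae-2844396e58f8"},
            {"Identifier": "004b8c95-3500-4ac8-9480-54311a462929"},
        ],
        "Activations": [{
            "Identifier": "90cb68bc-c37d-40cc-8cef-b462947329b2",
            "Payload": {"StandardConfigurations": [
                "e07d18d6-4ec6-432a-b474-9b8816d029a2",
                "84fe24b1-ac21-4a29-b279-70f715b3ac82",
                "1f0ce810-6c6b-4021-86ae-2844396e58f8",
                "004b8c95-3500-4ac8-9480-54311a462929",
            ]},
        }],
    },
}

def decode_sync_tokens(data_b64):
    """Return the SyncTokens dictionary carried in the command's Data field."""
    return json.loads(base64.b64decode(data_b64))["SyncTokens"]

def check_items(tokens, items):
    """List inconsistencies between the pushed tokens and declaration-items."""
    findings = []
    if tokens["DeclarationsToken"] != items["DeclarationsToken"]:
        findings.append("DeclarationsToken differs between command and declaration-items")
    # Map every declared identifier to the section it appears in.
    section_of = {d["Identifier"]: name
                  for name, decls in items["Declarations"].items() for d in decls}
    for act in items["Declarations"]["Activations"]:
        for ref in act["Payload"].get("StandardConfigurations", []):
            where = section_of.get(ref, "no section")
            if where != "Configurations":
                findings.append(f"{act['Identifier']} references {ref} found in {where}")
    return findings
```

Calling `check_items(decode_sync_tokens(COMMAND_DATA), ITEMS)` returns the list of findings for the posted data.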
I performed the following process in User Enrollment, but it seems that the registration process cannot be performed because the profile format is incorrect or the parameters are invalid.
General > Access your account with VPN and device management
Redirect to authentication screen as MDM server is accessed
Set credentials and redirect
session[:token] = "xxxxxxxxxx"
redirect_to "apple-remotemanagement-user-login://authentication-results?access-token=" + session[:token]
Submit MDM profile
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>EncryptedPayloadContent</key>
  <data>......
  </data>
  <key>PayloadDescription</key>
  <string>Test</string>
  <key>PayloadDisplayName</key>
  <string>test</string>
  <key>PayloadIdentifier</key>
  <string>localhost.mdm</string>
  <key>PayloadOrganization</key>
  <string>Test</string>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>16a91248-230c-423c-9dd9-a1480e911b9b</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>
EncryptedPayloadContent
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
  <dict>
    <key>AssignedManagedAppleID</key>
    <string>hogehoge@test.link</string>
    <key>CheckInURL</key>
    <string>https://test.link/api/ios/checkin</string>
    <key>CheckOutWhenRemoved</key>
    <true/>
    <key>EnrollmentMode</key>
    <string>BYOD</string>
    <key>IdentityCertificateUUID</key>
    <string>fc7532ea-7fd7-4942-80ba-9fafa0ac5f0a</string>
    <key>PayloadDescription</key>
    <string>Test</string>
    <key>PayloadDisplayName</key>
    <string>test</string>
    <key>PayloadIdentifier</key>
    <string>localhost.mdm</string>
    <key>PayloadOrganization</key>
    <string>Test</string>
    <key>PayloadType</key>
    <string>com.apple.mdm</string>
    <key>PayloadUUID</key>
    <string>9eebe196-17d5-4613-953b-b60e7111282e</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>ServerURL</key>
    <string>https://test.link/api/ios/mdm</string>
    <key>SignMessage</key>
    <true/>
    <key>Topic</key>
    <string>com.apple.mgmt.External.16a8b279-c4a9-4a33-9f1e-e155ab8161fd</string>
    <key>UseDevelopmentAPNS</key>
    <false/>
  </dict>
  <dict>
    <key>PayloadContent</key>
    <dict>
      <key>Challenge</key>
      <string>dfbd7b151e5c1c03f8a59e775f393791ca618201</string>
      <key>GetCACaps</key>
      <array>
        <string>POSTPKIOperation</string>
        <string>Renewal</string>
        <string>AES</string>
        <string>SHA-256</string>
      </array>
      <key>Key Type</key>
      <string>RSA</string>
      <key>Key Usage</key>
      <integer>5</integer>
      <key>Keysize</key>
      <integer>1024</integer>
      <key>Name</key>
      <string>CA</string>
      <key>Subject</key>
      <array>
        <array>
          <array>
            <string>O</string>
            <string>Test</string>
          </array>
        </array>
        <array>
          <array>
            <string>CN</string>
            <string>e1af8f64-be70-46d3-97b7-fb70e8e0f0f8</string>
          </array>
        </array>
      </array>
      <key>URL</key>
      <string>https://test.link/api/scep</string>
    </dict>
    <key>PayloadDescription</key>
    <string>Test</string>
    <key>PayloadDisplayName</key>
    <string>Test</string>
    <key>PayloadIdentifier</key>
    <string>localhost.encryption-cert-request</string>
    <key>PayloadOrganization</key>
    <string>Test</string>
    <key>PayloadType</key>
    <string>com.apple.security.scep</string>
    <key>PayloadUUID</key>
    <string>fc7532ea-7fd7-4942-80ba-9fafa0ac5f0a</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</array>
</plist>
When I registered an MDM profile and tried to install an application via MDM on a device on which user enrollment was completed, an error occurred. Is there any countermeasure for this?
Error message
{
  "CommandUUID": "5xxxx4x8-95bb-4f62-8bb3-1d7e2b044137",
  "EnrollmentID": "7***9774-0373-404B-90CC-5FE8F9B59696",
  "ErrorChain": [
    {
      "ErrorCode": 12008,
      "ErrorDomain": "MDMErrorDomain",
      "LocalizedDescription": "MDM要求が無効です。",
      "USEnglishDescription": "The MDM request is invalid."
    }
  ],
  "RejectionReason": "PurchaseMethodNotSupported",
  "Status": "Error"
}
There is no App Configuration setting in the URL below. Is there a way to set it?
https://github.com/apple/device-management/blob/release/declarative/declarations/configurations/app.managed.yaml