User Profile

Hello, I could not find information in the doc (which is still beta, I understand) : how are app upgrade handled by DDM AppManaged ? With MDM, sending InstalledApplication command will upgrade the app to the most suitable recent version ; HasUpdateAvailable flag tells MDM server (more or less accurately) if there is an update and then Organizations can keep apps up to date as quickly as possible if needed. But with DDM, we just have a declaration where we tell the device to install a given app, and that's it. Is there any detail about how the device upgrades apps, and how frequently ? Thanks.

Hello, what's the status of managing books with UserEnrollment context ? I remember this used to work with a glitch : end user has to log in into Books with his/her managed Apple id (which could be problematic as you can't have both your books and organization books). But I'm currently not able to make it work - A VPP user is associated (silent invite) to the right managed apple id, enough time (more than an hour) happened since a license has been associated to the VPP user and fetching the license from the API shows it has been set properly. But installing the app via MDM always ends with error: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Command</key> <dict> <key>MediaType</key> <string>Book</string> <key>RequestType</key> <string>InstallMedia</string> <key>iTunesStoreID</key> <integer>1525146196</integer> </dict> <key>CommandUUID</key> <string>e802d682-e8b1-6253-04f5-736dab7ecd13</string> </dict> </plist> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>e802d682-e8b1-6253-04f5-736dab7ecd13</string> <key>EnrollmentID</key> <string>971BB6F0-CA43-4B5E-9A1A-7BEF7A7BC286</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>12047</integer> <key>ErrorDomain</key> <string>MDMErrorDomain</string> <key>LocalizedDescription</key> <string>A VPP purchase record for the item could not be found.</string> <key>USEnglishDescription</key> <string>A VPP purchase record for the item could not be found.</string> </dict> <dict> <key>ErrorCode</key> <integer>2615</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>Could not find Volume Purchase Programme assignment.</string> </dict> </array> <key>Status</key> <string>Error</string> </dict> </plist>``` Is this still a supported workflow ? Installing an App works without any issue in the same context.

Hello, MDM protocol advices to use GDMF (https://gdmf.apple.com/v2/pmv) to manage properly updates ; the service defines which update is available for which device. Nevertheless, we're seeing a difference between what GDMF returns and what is documented in the "public" documentation : https://support.apple.com/guide/deployment/manage-software-updates-depc4c80847a/web For instance, for iOS 15.2, GDMF shows: "ProductVersion":"15.2","PostingDate":"2021-12-13","ExpirationDate":"2022-04-12" But public doc shows 11/02/2022 as expiration date. Why this mismatch ? Which one is the right one ? Thanks !

Hi MDM folks, We're getting reports - and were able to reproduce - that installing books fails on macOS these days ; InstallMedia command errors with Internal Error MDMClientError:-567. Steps to repro: Enroll a mac (tested with Mac Book Air M1 running macOS 12.1) to your favorite MDM login to iCloud Go to Apple School Manager (or Business), get VPP location, get a book for the location. Have a VPP (from the location) user registered, send notification to the device to have it associated (respond to notification, accept T&Cs). Use VPP API to associate a license from this location for the user created in 4. Wait 3 minutes to be sure. Run InstallMedia command with the itunes id. Getting now: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Command</key> <dict> <key>MediaType</key> <string>Book</string> <key>RequestType</key> <string>InstallMedia</string> <key>iTunesStoreID</key> <integer>1055374716</integer> </dict> <key>CommandUUID</key> <string>41d2986d-c105-d283-5b4d-6b35a3539208</string> </dict> </plist> is answered with: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>41d2986d-c105-d283-5b4d-6b35a3539208</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>-567</integer> <key>ErrorDomain</key> <string>MDMClientError</string> <key>LocalizedDescription</key> <string>Internal Error &lt;MDMClientError:-567&gt;</string> </dict> </array> <key>NotOnConsole</key> <false/> <key>Status</key> <string>Error</string> <key>UDID</key> <string>682A2614-DCB7-5AC6-829B-674A101A9EDA</string> <key>UserID</key> <string>0AF0BD86-C327-472D-80EC-9BFF31633087</string> <key>UserLongName</key> <string>admin</string> <key>UserShortName</key> <string>admin</string> </dict> </plist> Looking at device logs after installing ManagedClient Log profiles : [ERROR] [ErrorChain.0] (InstallMedia) [MDMClientError:-567] Internal Error <MDMClientError:-567>> CSSM Exception: -2147415780 CSSMERR_CSP_INVALID_KEYATTR_MASK CSSM Exception: -2147415780 CSSMERR_CSP_INVALID_KEYATTR_MASK cert[0]: MissingIntermediate =(leaf)[force]> 0 Trust evaluate failure: [leaf MissingIntermediate] [501:MDMAgent:HTTPUtil:<0x3236>] >>>>> Sending HTTP request (PUT) [Error(InstallMedia):80c5de4b-9f47-eacf-1f2f-caab1ec34fe8] >>>>> I'll try with 12.2 Beta, but sounds like something's wrong with 12.1 and book assignment. Any hint ? Thanks (and all the best for 2022!).

Has anyone been able to test OS Update on macOS 11 (Intel) ? Status returned by MDM returns the very un-informative message "InstallFailed": <key>UpdateResults</key> <array> <dict> <key>InstallAction</key> <string>Error</string> <key>ProductKey</key> <string>MSU_UPDATE_20A5374i_patch_11.0</string> <key>Status</key> <string>InstallFailed</string> </dict> </array> And installer log on the device shows: 020-09-23 11:39:38+02 macmini SoftwareUpdateNotificationManager[828]: (null)：softwareupdated: Service connection invalidated! 2020-09-23 11:39:38+02 macmini softwareupdated[1145]: Removing client SUUpdateServiceClient pid=828, uid=501, installAuth=NO rights=(), transactions=0 (/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Versions/A/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager) 2020-09-23 11:39:38+02 macmini softwareupdated[1145]: Removing client SUUpdateServiceClient pid=828, uid=501, installAuth=NO rights=(), transactions=0 (/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Versions/A/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager) 2020-09-23 11:39:38+02 macmini softwareupdated[1145]: Fetched MajorOSInfo for productKey:001-36801; getIcon:NO; the SUMajorProduct was fetched remotely. 2020-09-23 11:39:39+02 macmini softwareupdated[1145]: Fetched MajorOSInfo for productKey:001-43966; getIcon:NO; the SUMajorProduct was fetched remotely. 2020-09-23 11:39:39+02 macmini softwareupdated[1145]: Fetched MajorOSInfo for productKey:041-91758; getIcon:NO; the SUMajorProduct was fetched remotely. 2020-09-23 11:39:39+02 macmini softwareupdated[1145]: Fetched MajorOSInfo for productKey:061-26589; getIcon:NO; the SUMajorProduct was fetched remotely. 2020-09-23 11:39:40+02 macmini softwareupdated[1145]: Fetched MajorOSInfo for productKey:061-94403; getIcon:NO; the SUMajorProduct was fetched remotely. 2020-09-23 11:39:40+02 macmini softwareupdated[1145]: SoftwareUpdate: request for status for unknown product MSU_UPDATE_20A5374i_patch_11.0 2020-09-23 11:39:40+02 macmini softwareupdated[1145]: SUOSUServiceDaemon: No agents found to execute MDM major OS command! 2020-09-23 11:39:40+02 macmini softwareupdated[1145]: SUOSUServiceDaemon: No active client to get update status 2020-09-23 11:39:43+02 macmini softwareupdated[1145]: SUOSUServiceDaemon: No agents found to execute MDM major OS command! 2020-09-23 11:40:02+02 macmini softwareupdated[1145]: SUOSUServiceDaemon: Connection invalidated! 2020-09-23 11:40:02+02 macmini softwareupdated[1145]: Removing client SUUpdateServiceClient pid=1124, uid=0, installAuth=NO rights=(), transactions=0 (/usr/libexec/mdmclient) after reboot, install log shows: % tail -f /private/var/log/install.log 2020-09-23 11:53:16+02 macmini softwareupdated[533]: MSU updates found: ( &#9;&#9;"<SUOSUProduct: MSU_UPDATE_20A5374i_patch_11.0>" ) 2020-09-23 11:53:16+02 macmini SoftwareUpdateNotificationManager[727]: Controller: Received availableUpdatesChanged notification; new updates: [MSU_UPDATE_20A5374i_patch_11.0]; new major updates: [001-43966, 001-36801, 061-94403, 061-26589, 041-91758] 2020-09-23 11:53:16+02 macmini softwareupdated[533]: SoftwareUpdate: request for status for unknown product MSU_UPDATE_20A5374i_patch_11.0 2020-09-23 11:53:16+02 macmini SoftwareUpdateNotificationManager[727]: SUOSUShimController: Armed: 0, with mode: 0, date: (null), updates queued for later: ( ) 2020-09-23 11:53:16+02 macmini softwareupdated[533]: Descriptor has changed since previous download (11.0 vs (null)) 2020-09-23 11:53:16+02 macmini SoftwareUpdateNotificationManager[727]: SUOSUShimController: MSU update is not yet downloaded & prepared 2020-09-23 11:53:16+02 macmini softwareupdated[533]: SoftwareUpdate: request for status for unknown product MSU_UPDATE_20A5374i_patch_11.0 I tried a few things (with or without SoftwareUpdate profile to enable beta, with or without caching server), but without success. Is there a way to upgrade Beta macOS via MDM ? Or is this limited to Released versions - but then, why would the device report Beta updates via MDM ?

Hi, What would be the root cause of macOS device responding "Other. Duplicate request." to InstallApplication commands ? Is this equivalent of "The application is already scheduled for management" error on iOS side ? Generally, would it be possible to extend https://developer.apple.com/documentation/devicemanagement/installapplicationresponse?changes=latest_minor&language=objc (and other commands) with possible error codes and their meaning ? Thanks !

Hello, AvailableOSUpdates command used to be acknowledged by non-supervised iOS devices (it's still the case for iOS 12.5.3 devices for instance), but it is now returning an error on iOS 14.5+. ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keyCommandUUID/key string96bc818b-5e2c-f83b-b710-0197fba79474/string keyErrorChain/key array dict keyErrorCode/key integer12021/integer keyErrorDomain/key stringMCMDMErrorDomain/string keyLocalizedDescription/key string“AvailableOSUpdates” is not a valid request type./string keyUSEnglishDescription/key string“AvailableOSUpdates” is not a valid request type./string /dict /array keyStatus/key stringError/string keyUDID/key stringxxx/string /dict /plist Is this expected, and if yes, could you clarify when the change happened ? Thanks !

Hi Device Management team, Are ScheduleOSUpdate error code documented somewhere ? I could not find anything in https://developer.apple.com/documentation/devicemanagement/schedule_an_os_update?changes=latest_minor&amp;language=objc. We have a case where a device reports cryptic error 700: keyUpdateResults/key array dict keyErrorChain/key array dict keyErrorCode/key integer700/integer keyErrorDomain/key stringSUOSUErrorDomain/string keyLocalizedDescription/key string700/string /dict /array keyInstallAction/key stringError/string keyProductKey/key string_MACOS_11.2.1/string keyStatus/key stringInstallFailed/string /dict /array The description is just "700". The device properly reports this update: keyAvailableOSUpdates/key array dict keyAllowsInstallLater/key true/ keyAppIdentifiersToClose/key array/ keyDownloadSize/key integer12199403070/integer keyHumanReadableName/key stringmacOS Big Sur/string keyIsConfigDataUpdate/key false/ keyIsCritical/key false/ keyIsFirmwareUpdate/key false/ keyProductKey/key string_MACOS_11.2.1/string keyRequiresBootstrapToken/key false/ keyRestartRequired/key true/ keyVersion/key string11.2.1/string /dict And the command to install seems ok: dict keyRequestType/key stringScheduleOSUpdate/string keyUpdates/key array dict keyInstallAction/key stringDefault/string keyProductKey/key string_MACOS_11.2.1/string keyProductVersion/key string11.2.1/string /dict /array /dict Thanks !

macOS 11 Beta 9 introduces a new option for TCC profile to allow normal user account to grant Screen Recording (and audio) permissions to apps. Is there a way to build one profile which can be deployed to both macOS 10.15 and 11 ? If we want to deny access, and therefore send: Allowed=False Authorization=Deny Big Sur rejects the profile. If we want to allow access to standard user, the profile will be rejected if we do: Allowed - not set (as it's invalid for Screen recording) Authorization=AllowStandardUserToSetSystemService, Catalina rejects the profile because Allowed is missing.