I'm developing for DEP (Device Enrollment Program). Each time a new iPhone is added through the configurator, I have to call the API at https://developer.apple.com/documentation/devicemanagement/assign_a_profile to assign a predefined configuration profile to the device. Is there a way to automatically assign new devices to a default configuration profile?
I'm currently trying to develop an MDM (Mobile Device Management) solution and have encountered some issues:
1. I've set up an MDM server, let's assume the URL is mdm.***.com.
2. I've also registered with Apple Business Manager and assigned the MDM server.
3. Using iOS's Configurator, I added an iPhone device to the Business Manager. After the initial addition, it prompts to erase the iPhone. After restarting, the iPhone interacts with the MDM server and completes registration.
Now, here comes the question: When I was assigning the MDM server in step two, I didn't provide the MDM server's URL, I just uploaded a public key. After erasing the iPhone in step three, how does it know the URL of the MDM server?
I am using Configuring Multiple Devices Using Profiles
This is the documentation I'm looking at
https://developer.apple.com/documentation/devicemanagement/configuring_multiple_devices_using_profiles
I'm confused by the documentation below
Encrypt and Sign a Profile
Both iOS and macOS support using encryption to protect the contents of profiles from unauthorized access. The encrypted profile can only be decrypted using a private key previously installed on a device. To encrypt a profile:
1. Remove the PayloadContent array and serialize it as a property list. Note that the top-level object in this property list is an array, not a dictionary.
2. CMS-encrypt the serialized property list as enveloped data.
3. Serialize the encrypted data in DER (Distinguished Encoding Rules) format.
4. Set the serialized data as the value of a data property list item in the profile, using the EncryptedPayloadContent key.
Signing a profile guarantees data integrity. To sign a profile, place the XML property list in a DER-encoded, CMS Signed Data structure.
The documentation states that a total of four steps are required. These are the steps I wrote according to the documentation.
I now have an unencrypted mobileconfig file with the following content
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>FullScreen</key>
<true/>
<key>Icon</key>
<data>
iVBORw0KGgoAAAANSUhEUgAAAFMAAABXCAYAAAB4I3kWAAAAAXNS
R0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7D
AcdvqGQAAADWSURBVHhe7dChAQAgDMCwwf8/A4ITIhtT33WeCbF/
AzQTaibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQM6FmQs2Emgk1E2om
1EyomVAzoWZCzYSaCTUTaibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQ
M6FmQs2Emgk1E2om1EyomVAzoWZCzYSaCTUTaibUTKiZUDOhZkLN
hJoJNRNqJtRMqJlQM6FmQs2Emgk1E2om1EyomVAzoWZCzYSaCTUT
aibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQM5mZC+DNBKoqfY8fAAAA
AElFTkSuQmCC
</data>
<key>IsRemovable</key>
<true/>
<key>Label</key>
<string>test</string>
<key>PayloadDescription</key>
<string>Adds a Web Clip.</string>
<key>PayloadDisplayName</key>
<string>Web Clip (test)</string>
<key>PayloadIdentifier</key>
<string>com.qqq.webclip1</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.webClip.managed</string>
<key>PayloadUUID</key>
<string>D53575A8-FC80-442A-A1CB-58B14E7048E1</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Precomposed</key>
<true/>
<key>URL</key>
<string>http://www.google.com</string>
</dict>
</array>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string></string>
<key>PayloadIdentifier</key>
<string>com.qqq</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>D53575A8-FC80-442A-A1CB-58B14E7048E1</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Remove the PayloadContent array and serialize it as a property list. Note that the top-level object in this property list is an array, not a dictionary.
Is this the serialized property list? Encrypt this string?
<array>
<dict>
<key>FullScreen</key>
<true/>
<key>Icon</key>
<data>
iVBORw0KGgoAAAANSUhEUgAAAFMAAABXCAYAAAB4I3kWAAAAAXNS
R0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7D
AcdvqGQAAADWSURBVHhe7dChAQAgDMCwwf8/A4ITIhtT33WeCbF/
AzQTaibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQM6FmQs2Emgk1E2om
1EyomVAzoWZCzYSaCTUTaibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQ
M6FmQs2Emgk1E2om1EyomVAzoWZCzYSaCTUTaibUTKiZUDOhZkLN
hJoJNRNqJtRMqJlQM6FmQs2Emgk1E2om1EyomVAzoWZCzYSaCTUT
aibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQM5mZC+DNBKoqfY8fAAAA
AElFTkSuQmCC
</data>
<key>IsRemovable</key>
<true/>
<key>Label</key>
<string>test</string>
<key>PayloadDescription</key>
<string>Adds a Web Clip.</string>
<key>PayloadDisplayName</key>
<string>Web Clip (test)</string>
<key>PayloadIdentifier</key>
<string>com.qqq.webclip1</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.webClip.managed</string>
<key>PayloadUUID</key>
<string>D53575A8-FC80-442A-A1CB-58B14E7048E1</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Precomposed</key>
<true/>
<key>URL</key>
<string>http://www.google.com</string>
</dict>
</array>
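The four quoted steps as an added Python example (not code from the post or from Apple's documentation): serializing the array with `plistlib` yields a complete plist document, with the XML header and a `<plist>` root around the `<array>`, and that byte string is what gets CMS-encrypted. Assumptions: the sample profile is constructed and trimmed, the `openssl` CLI is on the PATH, AES-256 is an arbitrary cipher choice, and `recipient_cert_pem` is a path to the certificate whose private key is already on the device.

```python
import plistlib
import subprocess

# Constructed, trimmed-down profile (not the poster's full file).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadType</key>
            <string>com.apple.webClip.managed</string>
            <key>Label</key>
            <string>test</string>
        </dict>
    </array>
    <key>PayloadIdentifier</key>
    <string>com.example.profile</string>
    <key>PayloadType</key>
    <string>Configuration</string>
</dict>
</plist>
"""

def split_profile(profile_bytes):
    """Step 1: pull PayloadContent out and serialize it as its own plist."""
    outer = plistlib.loads(profile_bytes)
    payloads = outer.pop("PayloadContent")
    if not isinstance(payloads, list):
        raise ValueError("PayloadContent must be an array")
    # plistlib.dumps emits a complete document: XML header, DOCTYPE and a
    # <plist> root whose single child is the <array>.
    return outer, plistlib.dumps(payloads, fmt=plistlib.FMT_XML)

def cms_encrypt_der(plaintext, recipient_cert_pem):
    """Steps 2-3: CMS EnvelopedData, DER-encoded, via the openssl CLI (assumed installed)."""
    cmd = ["openssl", "cms", "-encrypt", "-binary", "-aes256",
           "-outform", "DER", recipient_cert_pem]
    return subprocess.run(cmd, input=plaintext, capture_output=True, check=True).stdout

def assemble(outer, enveloped_der):
    """Step 4: store the DER blob as a <data> item under EncryptedPayloadContent."""
    sealed = dict(outer)
    sealed["EncryptedPayloadContent"] = bytes(enveloped_der)
    return plistlib.dumps(sealed, fmt=plistlib.FMT_XML)
```

Chain the three calls as `assemble(outer, cms_encrypt_der(payload, cert_path))`; signing the resulting profile is a separate CMS Signed Data step applied afterwards.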
In the data returned here, I do not see where the transaction amount can be queried
https://developer.apple.com/documentation/appstorereceipts/responsebody
I am a computer enthusiast. I come from China and I love programming very much. I have now mastered Java, and recently I bought an Apple developer account because I want to learn Apple development. However, there are very few learning materials about Apple development in China, and I can't read English teaching videos. How can I learn? I hope you can give me some advice, thank you.