We want to set a key-value pair (installation_token: xxxxx) in an app installed by MDM.
Formerly we could set the key-value pair using the Settings MDM command like this.
<dict>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>Settings</string>
        <key>Settings</key>
        <array>
            <dict>
                <key>Configuration</key>
                <dict>
                    <key>installation_token</key>
                    <string>xxxxxxx</string>
                </dict>
                <key>Identifier</key>
                <string>com.cloudflare.cloudflareoneagent</string>
                <key>Item</key>
                <string>ApplicationConfiguration</string>
            </dict>
        </array>
    </dict>
</dict>
We can still use this for apps installed with the InstallApplication MDM command; however, we cannot apply this configuration to an app using Declarative Device Management. When we try it, we get an error like this.
<dict>
    <key>CommandUUID</key>
    <string>.............</string>
    <key>Settings</key>
    <array>
        <dict>
            <key>ErrorChain</key>
            <array>
                <dict>
                    <key>ErrorCode</key>
                    <integer>12008</integer>
                    <key>ErrorDomain</key>
                    <string>MDMErrorDomain</string>
                    <key>LocalizedDescription</key>
                    <string>Could not modify apps managed by Declarative Device Management.</string>
                    <key>USEnglishDescription</key>
                    <string>Could not modify apps managed by Declarative Device Management.</string>
                </dict>
            </array>
            <key>Identifier</key>
            <string>com.cloudflare.cloudflareoneagent</string>
            <key>Item</key>
            <string>ApplicationConfiguration</string>
            <key>Status</key>
            <string>Error</string>
        </dict>
    </array>
How can we work with managed application configuration with DDM?
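An added example, not part of the original post: a server-side check in Python that parses a Settings response like the one above and reports which items the device rejected because the app is managed by Declarative Device Management. The sample plist is constructed from the response in the post, with a placeholder CommandUUID, an extra DeviceName entry and closing tags added so that it parses; the function and field names are assumptions.

```python
import plistlib

# Constructed sample based on the response in the post. The CommandUUID is a
# placeholder and the DeviceName entry is added to show a successful item.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CommandUUID</key><string>PLACEHOLDER-COMMAND-UUID</string>
<key>Settings</key>
<array>
  <dict>
    <key>Item</key><string>DeviceName</string>
    <key>Status</key><string>Acknowledged</string>
  </dict>
  <dict>
    <key>ErrorChain</key>
    <array><dict>
      <key>ErrorCode</key><integer>12008</integer>
      <key>ErrorDomain</key><string>MDMErrorDomain</string>
    </dict></array>
    <key>Identifier</key><string>com.cloudflare.cloudflareoneagent</string>
    <key>Item</key><string>ApplicationConfiguration</string>
    <key>Status</key><string>Error</string>
  </dict>
</array>
</dict></plist>"""

# Domain/code pair the device returned for a DDM-managed app (from the post).
DDM_OWNED = ("MDMErrorDomain", 12008)

def failed_settings(response: bytes) -> list:
    """Return one record per Settings item that the device rejected."""
    doc = plistlib.loads(response)
    failures = []
    for item in doc.get("Settings", []):
        if item.get("Status") != "Error":
            continue  # acknowledged items need no follow-up
        chain = [(e.get("ErrorDomain"), e.get("ErrorCode"))
                 for e in item.get("ErrorChain", [])]
        failures.append({
            "command_uuid": doc.get("CommandUUID"),
            "item": item.get("Item"),
            "bundle_id": item.get("Identifier"),
            "errors": chain,
            # True when the device refused the item because the app is
            # managed by a DDM declaration.
            "ddm_owned": DDM_OWNED in chain,
        })
    return failures

if __name__ == "__main__":
    for failure in failed_settings(SAMPLE_RESPONSE):
        print(failure)
```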
I'd like to try ManagedAppView, described here: https://developer.apple.com/documentation/appdistribution/fetching-and-displaying-managed-apps
import ManagedAppDistribution
import SwiftUI

// Define a model that obtains a list of managed apps.
@Observable final class PortalViewModel {
    enum Content: Identifiable {
        case managedApp(ManagedApp), developerContent(title: String, action: (ManagedContentOfferState) -> Void)
        var id: String {
            switch self {
            case let .managedApp(app):
                return app.id
            case let .developerContent(title, _):
                return title
            }
        }
    }
    var contents: [Content] = []
    func getApps() async {
        do {
            for try await result in ManagedAppLibrary.currentDistributor.availableApps {
                contents = try result.get().map(Content.managedApp)
            }
        } catch {
            // Handle errors here.
            print("ERROR==>\(error)")
        }
    }
}
struct PortalView: View {
    private var viewModel = PortalViewModel()
    var body: some View {
        List(viewModel.contents) { content in
            switch content {
            case let .managedApp(managedApp):
                ManagedAppView(app: managedApp)
            case let .developerContent(title, action):
                ManagedContentView(primaryLabel: title, offerState: .custom(title: "Request"), offerAction: action) {
                    Image("house")
                }
            }
        }
        .managedContentStyle(.compact)
        .task { await viewModel.getApps() }
    }
}
I already configured an entitlement for this UI:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.managed-app-distribution.install-ui</key>
    <array>
        <string>managed-app</string>
    </array>
</dict>
</plist>
However, the screen stays blank with the error message "Error registering for message: [App catalog changed]: An unspecified, unrecoverable error occurred." when executing ManagedAppLibrary.currentDistributor.availableApps.
And the console log probably implies that this playground app (MDM Agent for SwiftUI) should be available on App Store and installed as managed.
Jul 16 02:20:17 iPhone MDM Agent for SwiftUI(libxpc.dylib)[1395] <Notice>: [0x105a155c0] activating connection: mach=true listener=false peer=false name=com.apple.managedappdistributiond.xpc
Jul 16 02:20:17 iPhone managedappdistributiond(libxpc.dylib)[1320] <Notice>: [0xc2a1e4dc0] activating connection: mach=false listener=false peer=true name=com.apple.managedappdistributiond.xpc.peer[1395].0xc2a1e4dc0
Jul 16 02:20:17 iPhone managedappdistributiond[1320] <Notice>: [TXNaf44] \M-p\M^_\M^P\M^O Beginning transaction (<private>)
Jul 16 02:20:17 iPhone managedappdistributiond[1320] <Notice>: Activity associated with <private>ED4BF49B
Jul 16 02:20:17 iPhone dmd[169] <Notice>: Received request: <DMFFetchAppsRequest: 0xbdc8e48c0>, from client: <CATTaskSession: 0xbdc850aa0 { state = Connected, session = 04530509-57B9-41D3-BEBC-3F07673E8BFC, transport = <CATXPCTransport: 0xbdc96c9b0 { state = Connected }> }>
Jul 16 02:20:17 iPhone dmd(libxpc.dylib)[169] <Notice>: [0xbdc1ab700] activating connection: mach=true listener=false peer=false name=com.apple.accountsd.accountmanager
Jul 16 02:20:17 iPhone accountsd(AccountsDaemon)[112] <Notice>: "<private> (<private>) received"
Jul 16 02:20:17 iPhone accountsd(libxpc.dylib)[112] <Notice>: [0xcc2804f00] activating connection: mach=false listener=false peer=true name=com.apple.accountsd.accountmanager.peer[169].0xcc2804f00
Jul 16 02:20:17 iPhone dmd[169] <Notice>: Add operation: <DMDFetchAppsOperation: 0xbdc360000 { name = (null), ID = 4161DF16-B5EE-4C2F-AFC7-ED66C9EF6216, state = A-- [0], completed = -1/-1 }>
Jul 16 02:20:17 iPhone dmd(libxpc.dylib)[169] <Notice>: [0xbdc1ab700] invalidated because the current process cancelled the connection by calling xpc_connection_cancel()
Jul 16 02:20:17 iPhone dmd[169] <Notice>: Operation will start: <DMDFetchAppsOperation: 0xbdc360000 { name = (null), ID = 4161DF16-B5EE-4C2F-AFC7-ED66C9EF6216, state = A-- [0], completed = -1/-1 }>
Jul 16 02:20:17 iPhone dmd(Accounts)[169] <Notice>: "The connection to ACDAccountStore was invalidated."
Jul 16 02:20:17 iPhone dmd[169] <Notice>: Fetch apps with bundle ids: ( "com.companyname.MDM-Agent-for-SwiftUI"
), store item id: (null)
Jul 16 02:20:17 iPhone dmd(AppStoreDaemon)[169] <Notice>: [ASDUpdatesService]: getManagedUpdatesWithCompletionBlock
Jul 16 02:20:17 iPhone accountsd(libxpc.dylib)[112] <Notice>: [0xcc2804f00] invalidated after getting a no-senders notification - client is gone
Jul 16 02:20:17 iPhone appstored[189] <Notice>: [XPCServiceEntitlements]: We have the entitlement: com.apple.itunesstored.private for pid: 169 result: 1
Jul 16 02:20:17 iPhone appstored[189] <Notice>: [8D8ED625] getManagedUpdates requested for client: com.apple.dmd
Jul 16 02:20:17 iPhone appstored[189] <Notice>: [8D8ED625] Returning 0 available and 0 recent update(s)
Jul 16 02:20:17 iPhone appstored[189] <Notice>: [8D8ED625] getManagedUpdates completed successfully
Jul 16 02:20:17 iPhone dmd(AppStoreDaemon)[169] <Notice>: [ASDUpdatesService]: getUpdatesWithCompletionBlock
Jul 16 02:20:17 iPhone appstored[189] <Notice>: [XPCServiceEntitlements]: We have the entitlement: com.apple.itunesstored.private for pid: 169 result: 1
Jul 16 02:20:17 iPhone appstored[189] <Notice>: [C7CA1AFD] getUpdates requested for client: com.apple.dmd
Jul 16 02:20:17 iPhone appstored[189] <Notice>: [C7CA1AFD] Returning 0 available and 0 recent update(s)
Jul 16 02:20:17 iPhone appstored[189] <Notice>: [C7CA1AFD] getUpdates completed successfully
Jul 16 02:20:17 iPhone dmd[169] <Notice>: Lifecycle is not stale for bundle ID: com.companyname.MDM-Agent-for-SwiftUI
Jul 16 02:20:17 iPhone dmd[169] <Notice>: Operation will finish: <DMDFetchAppsOperation: 0xbdc360000 { name = (null), ID = 4161DF16-B5EE-4C2F-AFC7-ED66C9EF6216, state = AE- [0], completed = -1/-1 }>
Jul 16 02:20:17 iPhone managedappdistributiond[1320] <Error>: Hosting app <private> with persona <private> is not managed
Jul 16 02:20:17 iPhone managedappdistributiond[1320] <Error>: Error in <private>: An unspecified, unrecoverable error occurred.
Jul 16 02:20:17 iPhone managedappdistributiond[1320] <Notice>: [TXNaf44] \M-p\M^_\M^P\M^O Ending transaction (<private>) (<private>)
Jul 16 02:20:17 iPhone MDM Agent for SwiftUI(ManagedAppDistribution)[1395] <Error>: Error registering for message: [App catalog changed]: An unspecified, unrecoverable error occurred.
So, how can we develop and debug ManagedAppDistribution?
(NOTE the test device is supervised and managed using DDM.)
Push notifications for PWA apps are supported on iOS >= 16.4.
I want to restrict app usage using the Restriction payload of a configuration profile. Formerly we could do it by defining a restriction like this (actually via MDM).
<key>whitelistedAppBundleIDs</key>
<array>
    <string>com.apple.webapp</string>
</array>
However, on iOS >= 17.0, the notification setting of the PWA app has disappeared!!
Without the restriction payload, or with the restriction payload without whitelistedAppBundleIDs, the notification setting for the PWA app is shown as expected.
We also discovered that the issue can be avoided by adding com.apple.WebKit.PushBundle.xxxxxx to the restriction payload.
<key>whitelistedAppBundleIDs</key>
<array>
    <string>com.apple.webapp</string>
    <string>com.apple.WebKit.PushBundle.7880D99FB56F4FF7B5DC019E0EDBCBD0</string>
</array>
com.apple.WebKit.PushBundle.7880D99FB56F4FF7B5DC019E0EDBCBD0 can be found in the console log using Apple Configurator.
However, it cannot be found via an MDM command (e.g. InstalledApplicationList). We want to configure and install the restriction payload on multiple devices via MDM.
So how can we find the com.apple.WebKit.PushBundle.xxxxxx via MDM? Or how can we enable push notification settings for PWA apps with the restriction payload?
Thank you
I tried the new feature of iOS 17.2, com.apple.configuration.app.managed.
A configuration and its activation are defined with data like this.
{
    "Identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
    "Type": "com.apple.configuration.app.managed",
    "Payload": {
        "InstallBehavior": {
            "Install": "Required",
            "License": {
                "VPPType": "Device"
            }
        },
        "BundleID": "com.microsoft.Office.Powerpoint"
    },
    "ServerToken": "..."
}
After distributing the configuration with the DeclarativeManagement MDM command, an error is reported via the status channel app.managed.list.
{
    "active": true,
    "identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
    "valid": "valid",
    "server-token": "21b95e4cb0b616a3ac77a5905ed08756fa36f605ad1a30a9bd347a4a8092532c"
},
"app": {
    "managed": {
        "list": [
            {
                "state": "failed",
                "declaration-identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
                "identifier": "com.microsoft.Office.Powerpoint",
                "name": "Microsoft PowerPoint",
                "reasons": [
                    {
                        "code": "Error.LicenseNotFound"
                    }
                ]
            },
After the VPP license for the app was assigned, I tried to issue the DeclarativeManagement command again.
However, the iOS device doesn't fetch the configuration because it has not changed. App installation is not retried even after the valid license is assigned.
How can we trigger a retry of the installation?
Thank you
We are working on an MDM service using the VPP API, and trying to migrate from the Legacy APIs to the new App and Book Management APIs.
This document says:
Send the public key you generate to your Apple contact in a plain-text file. Do not share the private key. Also provide a brief description of your use case and product.
I generated a key pair and sent the public key to Apple Developer Program support; however, they didn't know how to handle it.
What does "your Apple contact" mean here?
I already understand how to generate a JWT token for api.ent.apple.com. I want to know who authorizes the public key for the organization.
Thank you,
Our MDM customers often claim that MDM push is not delivered to the device and that they cannot manage devices via MDM.
TokenUpdate is not sent from the device to our MDM check-in server.
The APNs server response is 200 OK (successful) with the device token.
MDM push is actually not delivered to the device.
We are really struggling to handle the claim because it is probably caused by iOS behavior, and AppleCare OS support doesn't help investigate the issue.
How can we investigate the reason why the push is not delivered?
How can we know the current token value of the managed device?
Reinstalling the MDM configuration profile is a way to know the current MDM push token (it triggers the TokenUpdate check-in command).
Is there any other way to trigger a TokenUpdate request on the device side?