Apple Business Manager

Offer custom apps to organizations. Manage your organization's devices, apps, and accounts.

Posts under Apple Business Manager tag

67 Posts

Post

Replies

Boosts

Views

Activity

Challenges with MDM App Update Functionality
Dear Apple Team, As an MDM (Mobile Device Management) service provider, we are writing to bring attention to an issue that is affecting many of our customers who manage large fleets of iOS devices. Specifically, we have encountered challenges with the app update process via MDM, which is impacting both kiosk devices and non-kiosk devices in a variety of use cases. Issue 1: App Updates Delayed on Kiosk Devices Many of our customers are deploying kiosk devices that are used 24/7 independently with no attendants. In these cases, when an app update is sent through MDM via the installApplication command, the installation does not begin immediately. Instead, the update starts only after the device is locked. However, since these kiosk devices are running continuously, they are rarely locked, preventing the app update from occurring. To force the update, administrators need to manually remote lock or physically lock the device, which is a time-consuming process. This becomes even more challenging for devices like Apple TV, where remotely locking and unlocking the device to complete app updates is especially difficult, making it hard to keep the apps up to date in a timely manner. Issue 2: User Cancellations of Critical Updates on Non-Kiosk Devices In the case of non-kiosk devices, customers are encountering another challenge: when a critical update is pushed during business hours, users are often prompted to install the update. However, many users tend to cancel the update, leaving devices unpatched and potentially vulnerable. This behavior can delay the deployment of important security patches, which is a critical concern for organizations managing sensitive data or business-critical apps. Request for a Solution Our customers have expressed the need for a more reliable and forceful app update mechanism. 
Specifically, we are requesting the following features to improve the app update experience: Scheduled app updates: The ability to schedule app updates, similar to the way OS updates are handled. If the user does not install the update within a specified timeframe, the update should begin automatically or prompt the user with a stronger reminder. Force install option: A feature that would allow MDM administrators to force an app update immediately, without relying on user intervention. This would ensure that critical updates are installed promptly, improving security and system stability across all devices. These features are essential for many of our customers who rely on timely and consistent app updates to maintain security, functionality, and compliance across their managed devices. Without these options, they face challenges in ensuring devices are kept up-to-date, which can result in security vulnerabilities and operational disruptions. We kindly request that Apple consider adding these functionalities to improve the MDM app update process and provide a more reliable experience for both kiosk and non-kiosk device management. Thank you for your attention to this matter. We look forward to your feedback and any potential improvements in future iOS updates. Raised in the same manner as feedback: FB15910292
0
0
6
40m
Advice on Implementing Active Supervision Mode for Parental Control
I’m looking for advice on implementing an Active Supervision Mode for enhanced parental control. My goal is to restrict access to both iOS system apps and third-party applications to create a safer and more tailored digital experience for my child. Here’s what I’d like to achieve: App Restrictions: Block specific apps (both iOS and third-party) and allow access only to approved ones. Time Limits: Set daily usage limits for individual apps or app categories. Content Filtering: Apply restrictions to block inappropriate content and age-inappropriate apps. Remote Management: Manage these settings remotely from my device for added convenience. Activity Monitoring: View app usage stats or receive alerts for policy violations. I understand that Screen Time on iOS offers basic parental controls, but I’m exploring whether iOS supports more advanced capabilities natively or through additional configurations. I’ve also heard that enrolling a device in Apple Business Manager (ABM) and linking it to an MDM (Mobile Device Management) solution might provide greater control. If this is a viable solution, could anyone provide guidance on: Enrolling a personal or family-owned device into Apple Business Manager. Linking an MDM for configuring app restrictions and monitoring usage. Alternatively, if there are third-party parental control apps that work seamlessly with iOS to achieve these goals, I’d appreciate your recommendations! Thanks in advance for your insights!
0
0
94
2d
Unable to Access Team ID and Account Login Issues
Hello everyone, I am a developer and admin on App Store Connect, and I'm experiencing some issues with my account. Here’s a summary of the situation: Account Email: [Redacted] Team ID: [Redacted] Upon visiting the resources page, I encountered a popup stating: Unable to find a team with the given Team ID to which you belong. Please contact Apple Developer Program Support. When I sought assistance from an account holder, they attempted to log in using the account email but were unable to access it, despite entering the correct credentials multiple times. The login page prompted them to enter the email or phone number and password for the Apple account. Currently, I, as admin, can log into App Store Connect, but the account holder is unable to access their account. We are facing difficulties because the Team ID appears to be disabled or unavailable in Xcode. We still have an Individual Developer subscription, but we intend to upgrade to an Organization level. I submitted a request for "Organization Membership" earlier this month. After contacting the Apple support helpline multiple times, we received inconsistent responses, including suggestions to create a new account or contact developer support via email. Our main issues are: The account holder is unable to log in. The Team ID is not functioning. If we cannot continue with the individual account, we are open to using a different email for the account holder, as he handles sensitive information such as verification and payments. I have already submitted my request and am opening this thread in hopes of finding a speedy solution and guidance. I've seen multiple threads on this issue, but none have provided a resolution. Any guidance or suggestions on how to resolve these issues would be greatly appreciated! Thank you!
0
0
89
4d
iOS Retains Login Sessions Even After App Deletion
I'm reaching out to discuss a significant issue related to how iOS handles app login sessions, particularly in the context of MDM (Mobile Device Management) and the Outlook app. In our organization, we use MDM to distribute applications, including Outlook, with certificate-based authentication for BYOD (Bring Your Own Device) devices. This setup allows users to log in seamlessly to their accounts. However, we've encountered a concerning behavior: when a user unenrolls from MDM, which automatically removes the distributed apps and certificates, they can later reinstall the app from the App Store and find themselves automatically logged back into their previous accounts without any authentication prompts. Here’s a detailed breakdown of the situation: Initial Installation: Users enroll their devices in MDM, which installs the necessary apps and certificates on those devices. Session Storage: After the initial login, the app stores the session locally on the device. App Deletion: When users unenroll their devices from MDM, it automatically removes the distributed apps and certificates. Reinstallation: Days or weeks later, when they reinstall the Outlook app from the App Store, they find themselves automatically logged back into their accounts. This behavior raises important concerns: Lack of Authentication: The app retaining user sessions even after deletion allows users to access their accounts without re-authentication, which could lead to potential unauthorized access and undermines the effectiveness of certificate-based authentication and two-factor authentication (2FA). Note: This issue is not limited to Outlook; we've observed similar behavior with many other apps. Need for a Solution - Given the implications of this behavior, we are looking for effective solutions to prevent it. 
Specifically, we need options within the MDM framework to: Restrict Session Retention: Implement settings that ensure any app deleted via MDM will lose all stored sessions and require re-authentication upon reinstallation. Default Settings for MDM-Distributed Apps: Ideally, this would be a default feature for all apps distributed through MDM, ensuring that user sessions are not retained after app deletion. Has anyone else experienced this issue? Are there any existing settings or workarounds within MDM platforms to mitigate this problem? Your insights and experiences would be invaluable as we navigate this challenge. Thank you!
1
1
158
2w
Unable to install some vpp apps in user enrolled devices
We are doing application assignment to personal iOS devices that are enrolled in MDM via User Enrollment. However, we're experiencing some odd behavior when assigning licenses. We are getting back errors from the devices when doing assignments: code: 12064, domain: MDMErrorDomain, description: Could not retrieve licence for the app with iTunes Store ID 422689480. code: 2605, domain: DeviceManagement.error, description: No licence was found for app "com.google.Gmail". However, we are not seeing license exhaustion on the Apple Business Manager side for our location. We are not clear what would cause the 12064 or 2605 errors. We have tried re-sending the command to install the app, and we have tried un-enrolling devices and re-enrolling, as well as updating the VPP Token for the location. We have gathered sysdiagnoses from affected devices, but it's not clear what causes this. What other causes are there for 12064 and 2605 errors? How can we work around these?
0
0
325
3w
How to Publish an App Publicly on the App Store When Apple Suggests Private Distribution?
We are trying to publish an app on the public App Store that is intended for internal use by our organization. The app does not have a public registration process—accounts are created internally by our organization's system, and users simply sign in. Apple has rejected the app, suggesting to use private distribution methods like Apple Business Manager or the Apple Developer Enterprise Program. However, we would prefer to distribute the app publicly via the App Store for easier access and updates. Has anyone successfully published a public-facing app without a registration feature where account creation is managed internally? Are there any specific strategies or additional features we should add to meet Apple’s requirements while keeping our internal account creation process? Thank you for your insights!
3
0
229
4w
How to access DEP device data from Apple Business Manager via API
I am currently working on a Visual Basic .NET project and aim to integrate an internal application with the Apple Business Manager API to access DEP (Device Enrollment Program) device data. Specifically, I would like to request any guidance on the following aspects: Generating a Valid Access Token: I am aware that JSON tokens are required to interact with the API, but I am unsure of the correct procedure to create a valid token for accessing the Apple Business Manager data. How to set permissions for accessing DEP Device Data: What steps do I need to follow to obtain the necessary permissions to read DEP device data from Apple Business Manager? Are there specific configurations or approval processes that need to be completed within the Apple Developer Account or the Apple Business Manager account (which both use the same Apple ID)? API Endpoints and Documentation to access Business Manager by API: Could you please point me to the relevant APIs and endpoints for interacting with the DEP data? Which web requests to send where? Any documentation that outlines the API structure for Business Manager access and how and where to obtain access tokens for it. Thanks for any assistance, as I am stuck here since it is my first project accessing Apple APIs.
0
1
326
44m
cannot see "my apps" option on app store connect with enterprise developer subscription
Hello there, I have an Apple developer enterprise subscription. I need to put my app on the App Store in order to deliver it by Citrix secure hub; it seems to be necessary for me to use the "volume purchase program". It seems to be necessary to connect the Citrix store with Apple Business Manager. On these premises, I followed the docs and went to the App Store Connect site, but there is no "my apps" section on the page as I expected; I can find only a single section, "Users and accesses", and two tabs, "people" and "integrations". How can I submit my app? Why exactly am I not seeing the same on a different profile? Here is what I see:
0
0
213
Sep ’24
PacketTunnelProvider Extension terminated due to memory limit
Hello, We have filtering logic that is being loaded into the PacketTunnelProvider network extension for processing web traffic. The issue we are facing is that the 50MB cap is being hit after browsing a few websites and the OS terminates the PacketTunnelProvider. What would be the best way to tackle this problem? A few ideas come to mind and we would appreciate any support on them: using IPC (Inter Process Communication) to move the filtering logic back to the main app (if this is possible); we could move the filtering into Filter Control Provider, however the limitation there is that we cannot perform HTTP response modification, which is imperative for the workings of the filtering. We have the same solution working fine on Android, and the app is using about 270MB in the worst case (however, in Android there is no limit to the network extension as the VPN provider runs inside the app). The project target market is in excess of 50,000 devices. We would appreciate any support on the matter.
2
0
350
Sep ’24
TCC profile change for Local Network Access
Hello, is there any plan to add a new service type for the Privacy Preferences Policy Control profile to allow apps deployed via MDM on organization-owned devices to access the local network without prompting the end user on Sequoia? This would be very welcome, especially in the education world, where students are good at finding out how to block the tools they are supposed to use. I created FB14540495 for reference. Thanks!
1
0
512
Jul ’24
The ABM device synchronization interface response is not a mailbox, but a user ID?
I have been running ABM to synchronize devices for some time now, but in recent days, when using the interface for synchronization, the response from the interface to the device's 'Device-Assigned-by' field has changed. The official website should return 'The email of the person who assigned the device.' However, what I received was a string of numbers, such as 275xxxxx, which corresponds to the ABM user's ID. Some devices may change the field to email again when synchronizing, but unfortunately some devices will always have these numbers. How can I recover the email?
1
0
457
Jul ’24
The synchronization interface response of ABM device is not email address
I have been running ABM to synchronize devices for some time now, but in recent days, when using interface synchronization, the device's "assembly_assigned-by" field responded by the interface has changed. The official website should return "The email of the person who assigned the device." However, what I received was a string of numbers, such as 275xxxxxxxx. Some devices may change the field to email again when synchronizing, but unfortunately some devices will always have these numbers. How can I recover the email? https://mdmenrollment.apple.com/server/devices https://mdmenrollment.apple.com/devices/sync
0
0
394
Jul ’24
Issue with ABM Device Sync: Duplicate Devices in response and ‘more_to_follow’ Always True
When syncing newly added or modified devices in the Apple Business Manager (ABM) portal using the POST request to https://mdmenrollment.apple.com/devices/sync, we are getting an issue when the ABM server account has more than 1000 devices. The response consistently includes 1000 devices, with the ‘more_to_follow’ flag always set to true and the ‘cursor’ value changing. However, subsequent ABM syncs for other devices result in duplicate devices being included in the response, and the ‘more_to_follow’ flag never becomes false. As more_to_follow is always true, we try to hit the API continuously. Please refer to this for details of the sync API that is causing the issue: https://developer.apple.com/documentation/devicemanagement/sync_the_list_of_devices This issue appears to originate from the Apple ABM side. Any help would be of great use. Thanks in advance.
1
0
451
Jul ’24
Clarification on ‘org_email’ Response in ABM Account API
When making a GET request to the ABM Account API at https://mdmenrollment.apple.com/account, we receive a response that includes an org_email field. However, we’ve noticed that the value of org_email varies. Sometimes it corresponds to an account with the role of Administrator, while other times it comes from an account with the roles Device Enrolment Manager, Content Manager and People Manager. We seek clarification on the following points: Which roles determine the org_email sent in the response? Is the org_email coming in the API response always the same, or does it change when we hit the APIs multiple times? org_email in this response: https://developer.apple.com/documentation/devicemanagement/accountdetail
0
1
481
Jul ’24
App distribution on App Store
Hi, My employer has an Apple developer account and they want to distribute the application through Microsoft Intune for employees only. However, when I checked the MS Intune distribution documentation, they have mentioned we should have an Apple Enterprise account and distribute the app as an In house/Ad hoc app. To distribute the app through Intune we need to use their wrapping tools, which need an IPA generated through an enterprise certificate and profile. The employer also has an Apple Business Manager account, and as per Apple documentation we can distribute the app in the organization through ABM. It's really confusing to finalize which path to follow. I need your help to guide me in the right direction.
0
1
436
Jul ’24
App installation failed with error code - 12026
I'm experiencing an error code 12026 when trying to install an app with iTunes Store ID 1163307568 and have tried various solutions but am still unable to install the app. Tried revoking the licenses and pushing the apps again, but the error prompt persists. We have also tried syncing VPP, checking the app license, and purchasing a mild surplus, but are still getting the error.
1
0
578
Jul ’24
Private distribution app does not appear in the custom app
Hello, I am having trouble distributing the internal app to the Apple Business Manager via the AppStore private distribution.
== Steps to reproduce ==
1. Create a new app on AppStore Connect
2. Set it as a private distribution and specify the organisation ID
3. Submit the build to the review
4. The app review is approved and "Ready to Distribute"
5. On the distribution tab, it says "This app was removed from sale from the App Store. Go to Pricing and Availability to add it back to the App Store."
6. Sign-in to the Apple Business Manager
7. Enable the custom app in the Apple Business Manager settings
Expected: 7-A. The app is listed under the Custom App
Observed: 7-B. There is no app listed under the Custom App section
== Questions ==
Are there any other steps for the successful private distribution? Does the organisation receive any email from the App Store Connect to accept the private distribution? Is there any way to see the status of the custom app from the developer? Is there any Apple support contact I can confirm the status of the app? Thank you for your help in advance!
0
1
389
Jul ’24