The customer is trying to enroll macOS devices to Hexnode via Apple Business Manager (without reset). Upon running the command sudo profiles renew -type enrollment, he received the below error.
Error: DEP enrollment failed: The cloud configuration server is unavailable. (MDMDeviceEnrollment:103)
Upon running the command sudo profiles show -type enrollment in Terminal, he received the following output.
Error fetching Device Enrollment configuration: (34006) Error Domain=MCCloudConfigurationErrorDomain Code=34006 "The cloud configuration server is unavailable." UserInfo={CloudConfigurationErrorType=CloudConfigurationFatalError, NSLocalizedDescription=The cloud configuration server is unavailable., NSUnderlyingError=0x6000012f0060 {Error Domain=com.apple.MobileActivation.ErrorDomain Code=-1 "Failed to create reference key." UserInfo={NSLocalizedDescription=Failed to create reference key., NSUnderlyingError=0x6000012f00c0 {Error Domain=com.apple.MobileActivation.ErrorDomain Code=-1 "Failed to create ref key." UserInfo={NSLocalizedDescription=Failed to create ref key., NSUnderlyingError=0x6000012f0150 {Error Domain=NSOSStatusErrorDomain Code=-25308 "failed to generate asymmetric keypair" (errKCInteractionNotAllowed / errSecInteractionNotAllowed: / Interaction is not allowed with the Security Server.) UserInfo=0x6000009f0440 (not displayed)}}}}}}
The device was assigned to the Hexnode server and listed in DEP devices in Hexnode. It seems to be an Intel device and we tried the following troubleshooting steps. He said another user tried out the case and was encountering the same errors. He tried the following steps as part of troubleshooting.
Installed pending OS updates
Re-assigned device to Hexnode server
Cleared NVRAM/PRAM
Switched networks
Turned off firewall and proxies on the device
Re-assigned DEP configuration profile to devices
Re-configured DEP and APNs
Enrolling the device using the enrollment URL does work and he's able to deploy actions as well. He is willing to reset the device and check as well, but he has ~30 devices in ABM that are remote and in use. Since 2 devices encountered the case, he would like to know more about what happened.
Apple Business Manager
Offer custom apps to organizations. Manage your organization's devices, apps, and accounts.
We noticed that Apple Login fails if we try to log in with a Managed Apple ID on iOS 17.2 & 17.3.
This issue could have been introduced in iOS 17 but we did not have iOS 17.0 or 17.1 to validate this.
There are a few prerequisites to this:
Should be a supervised device. It can be enrolled in ABM or ASM.
Apple ID should be Managed Apple ID
Device should have a passcode policy
Device should have “allowListedAppBundleIDs” added in the “com.apple.applicationaccess” payload
If either of the above conditions are not met, then the issue does not happen.
If the device is set up in the above way and we try to log in with a Managed Apple ID, then the login fails.
Please refer to the recording at this link: https://drive.google.com/file/d/1XG17loAuH_GB1IyGdwD8txjkHZWqGeD1/view?usp=drive_link
We reproduced the issue three times and got the log files:
Issue occurred at: 21st March 2024 at 19:54:58 IST
a. Log file name: sysdiagnose_2024.03.21_19-55-26+0530_iPhone-OS_iPhone_21D50(07.54.58 pm).tar.gz
b. Link: https://drive.google.com/file/d/1nk-cQPrVEZrAUgVmrxPCsSRDd4aNF8eK/view?usp=drive_link
Issue occurred at: 21st March 2024 at 19:59:44 IST
a. Log file name: sysdiagnose_2024.03.21_20-00-02+0530_iPhone-OS_iPhone_21D50(07.59.44 pm).tar.gz
b. Link: https://drive.google.com/file/d/1VPcF77G2SK2c1rBK4S2GbLCAiQEeYPOB/view?usp=drive_link
Issue occurred at: 21st March 2024 at 20:03:27 IST
a. Log file name: sysdiagnose_2024.03.21_20-03-39+0530_iPhone-OS_iPhone_21D50(08.03.27 pm).tar.gz
b. Link: https://drive.google.com/file/d/1zlLLMd0ugJoiZtmpWlarREFDl1vjZoWP/view?usp=drive_link
During the above tests, this was the setup:
Passcode Policy:
a. requireAlphanumeric: true
b. minLength: 13
c. allowSimple: false
allowListedAppBundleIDs: This can be anything but at least one of them should be enabled. For example:
a. com.apple.AppStore
b. com.apple.MobileAddressBook
c. com.apple.calculator
d. com.apple.camera
e. com.apple.DocumentsApp
f. com.apple.facetime
What results I expected: The user should be able to log in without an issue.
What results I actually saw: The user does not log in.
We also created a ticket in Feedback Assistant in March but haven't received any response: FB13694721
Hi,
I would like to introduce you to the problem of my client, who is probably one of the first Apple Business Manager users in Poland.
The client created an ABM instance and verified it. He also created a second administrator account as recommended, and added the first device. The problem was that these accounts were accessed by one person who used Cyber Ark to save credentials. After saving the credentials for the administrator accounts, an error occurred with Cyber Ark and the passwords of these accounts were saved incorrectly. The customer has since lost access to the verified ABM instance with one device already added.
Can you advise me on what to do in this situation? Can https://iforgot.apple.com/ help in any way here?
Thanks a lot for all your help
Best Regards,
XVsorim
The Wallet app on a managed business ID is currently not able to store credit cards or flight tickets.
When can we expect to have this functionality? Is there a reason why it's not possible to store the cards at the moment?
Hello,
We are experiencing intermittent tunnel communication failures in iOS devices following internal application updates or fresh installations. This issue occurs specifically with VMware Workspace ONE Advanced (includes AirWatch) - On Premise and Workspace ONE Tunnel. Our enterprise mobility management platform provides comprehensive tools for managing corporate-owned and BYOD devices across various operating systems.
Detailed Information:
Applications Involved:
VMware Workspace ONE Advanced (On-Premise): Manages and secures devices and applications.
Workspace ONE Tunnel: Enables per-app VPN services, routing traffic from specific managed applications through our VPN.
Problem Context:
After a recent update, and notably after introducing deeplinking capabilities which required making our public DNS changes to host the Apple-app-site-association file, iOS devices are not routing application traffic through the Workspace ONE Tunnel correctly. Instead, applications are bypassing VPN configurations and connecting directly to public networks, jeopardizing data security. This behavior is inconsistent and varies across devices. To illustrate, I have attached a diagram (Diagram 1) that shows the flow of traffic during the issue compared to normal operations.
Timeline and Troubleshooting Steps Taken:
Initial Report Date: February 2024, following the iOS update 17.3.1 and post-deeplinking modifications.
VMware Involvement: Multiple troubleshooting sessions, including log analysis and configuration reviews. VMware indicated the issue might not be directly related to their platform as the tunnel functions normally post-device restart.
Logs Reviewed: Application logs, network traces, and device management logs. No errors directly linked to VMware solutions were found. The logs showing the issue occurrence and after a device restart are included (see Logs Set A and Logs Set B).
Additional Information:
Devices Affected: Various iOS devices, total fleet approximately 1500 units.
Inconsistencies: The issue manifests inconsistently across different organizational groups (OGs) and is not tied to a specific app version or device model.
Developer Notes: The issue does not occur when applications are deployed via Xcode during testing phases. It only arises when apps are updated in a live environment.
Request for Assistance: We request Apple’s assistance in investigating potential iOS-specific causes or configurations contributing to this issue, particularly in the context of the deeplinking changes. A joint troubleshooting session is proposed to further diagnose and address the problem. Prompt support in resolving this issue, given its impact on our operations, would be greatly appreciated.
Attachments:
Diagram 1&2: Traffic Routing During Issue vs. Normal Operation
Diagram 3: Our App communications diagram
Logs Set A: Device Logs When Issue Occurs
Logs Set B: Device Logs After Restart
(Set A) After restart - no issue .log
https://drive.google.com/file/d/1Q2COgXkMa3KnN1N-ggZKwYhHP7KC-Hwy/view?usp=sharing
(Set B) before restart.log
https://drive.google.com/file/d/1uS9kAV6zJyRvVRQoWQNKdWBBR7sxM6Js/view?usp=sharing
Any suggestions? Thank you!
Hello there!
I'd like to know if it is possible to use Apple Business Manager API to create an automation for user creation, please.
Thanks in advance.
Hi,
We have our devices listed in Apple Business Manager but they are not enrolled in MDM. Some of the devices are locked on the Activation Lock screen as employees logged in with their personal accounts.
Since the devices are company owned and already available in ABM, is there any way to remove Activation Lock easily without providing proof of purchase to Apple?
In order to prevent devices getting into Activation Lock in the future, is the only way to enroll the device in an MDM?
Are there any ways to bypass Activation Lock if we are not using MDM?
We created an app for iPhone which includes a Watch app. The app works well during debugging, and also in TestFlight the Watch app installs nicely and does what it is supposed to do. However, when we make the app available through the Apple Business Manager (the app is for internal use by a company) the iPhone app downloads without problems, but the app for the Apple Watch does not work.
When I go to the Watch app on my iPhone (where you can manage the apps on your Watch and so on) my app is listed, but when I press install I see a loader for a few seconds, then it stops but nothing else happens.
So the code seems to be good, but after I download the app with a code through the Business Manager, then I cannot install the Watch version of the app.
Recently I created an ABM account and it seemed to work fine. All of a sudden we cannot log in anymore and we get a notification that this Apple ID is deactivated (but it is active). When I want to reset the password, deactivate or delete this user in ABM, I get an INTERNAL_ERROR message with no further explanation. I can delete and deactivate other users but not this one. The log file is not really of any use since it says 'SUB_STATUS, COMLETED_WITH_FAILURE'.
Any idea how I can resolve this?
I've added my organization's MacBook Air M2 2022 via Apple Configurator; however, the Mac is not receiving the Remote Management prompt during setup. I've confirmed that the device in ABM is pointing to the connect server.
Any ideas?
Hi all,
We are planning to manage about 1 Million+ Apple devices, inclusive of both iPhone and Mac devices, under an AxM Account. However, while adding VPP Licenses for an App I'm prompted with the below error:
" You cannot order more than 100000 copies of same the free item per week"
While our goal is to manage 1 Million devices under the same Location token, I have the below questions in mind:
1. What is the upper limit of the number of Licenses that can be added per app in a Location token?
Currently it says 1 Lakh Licenses per app per week. Wanted to know if there is any limit on this count as it shouldn't surprise us in upcoming weeks.
2. How many Locations can be created in an AxM Account?
Currently we created about 15 locations to see if there is any limit but so far couldn't find any limit on the number of locations that can be created. This limit could help us plan our deployment in advance.
3. What is the total number of licenses a VPP Location token can hold?
As we manage 1 Million Devices for 12 Apps, 1 Million x 12 = 12 Million licenses would be transacted in this location token by our MDM Solution. Is this okay or will there be any limitations in this count?
This is Saeid from Drion.ai Ag company in Germany. We are a marketing startup and we are developing a marketing platform. We need to give our users the opportunity to sign in using Apple ID.
I have sent all of the company documents, my ID card, and all documents that we have in our company just to activate the AppID login API and there has been nothing after more than 2 months. I had a call from Apple support and she told me to send some documents. I did it, but nothing yet.
Is this Apple company's support for developers?!
Hello,
The issues we previously identified still need your attention.
If you have any questions, we are here to help. Reply to this message in App Store Connect and let us know.
Review Environment
Submission ID: 00fc9b08-3da8-4b89-8810-740174730062
Review date: April 21, 2024
Version reviewed: 1.0
Guideline 3.2.1 - Business - Other Business Model Issues - Acceptable
Your app provides financial services but does not meet all the requirements for apps providing these services. Specifically:
The app must be published under a seller and company name that is associated with the organization or company providing the services. In this case, your app must be published under a seller name and company name that reflects the Askmefund name.
The account that submits the app must be enrolled in the Apple Developer Program as an organization, and not as an individual.
These requirements give App Store users confidence that apps offering financial services are qualified to provide these services and will responsibly manage their data.
Please provide ownership documentation or modify the vendor seller name.
Please help me.
Hello everyone! The first time I needed Apple Support I had to wait 2 weeks. I wrote now 5 days ago to change my entity type from Individual to Company and I am afraid I am going to wait weeks or months for such a thing to happen. I wrote countless support emails asking for an update on my case number 102275785042, but I am receiving only the confirmation email that is lying that it takes 48 to respond. I have written my first app but I am stuck on this and everything is going to be for nothing because my client is leaving me.
Taking into account that I don’t have an option to call, what can I do to get an answer from Apple? I am in Romania. If I get a phone number of a country that they really do offer support, will I be able to call, or have the issue addressed? I am getting desperate.
Hello Apple Developer Community,
I am writing to request urgent support to re-enable our developer account which seems to have been disabled as a result of a credit card issue.
We have attempted to reach out via email since phone support is not available in my region but received no response for the past 8 days.
This issue is hampering our ability to deploy critical updates to the App Store.
Thank you for your attention.
Looking forward to your support.
Hi,
We have had this issue for a while now with managed Apple IDs and Business Manager (BM).
BM does install Xcode - under Configuration - Automatic
BM does not show installed - under Overview
BM Install Status - always shows ... "Update Pending"
Randomly - Downloads over 4GB like it tries to re-install
If I go to my Mac and open Business Essentials, it always tries to re-download the 4GB. It shows a second Xcode icon that is always 1.7MB; then when it is done, it goes away.
This is the only app that is having an issue. I have tried everything: new collections, only using 1 user, deleting locally and redeploying. Automatic and manual. It is always the same problem.
Anyone seen this issue? I have an open case with Apple.
We are trying to develop an app with App Clip functionality because we believe that launching an app with App Clip as the driving force is very good.
Since it will be an app for employees, we plan to distribute it via MDM and links, so we will not publish it on the App Store.
I know you said in a past forum post 3 years ago that you did not support App Clip, but I would like to know what the current status is.
https://developer.apple.com/forums/thread/652854
As an enterprise endpoint security/data loss prevention application, we need to detect data which is being transferred out of the enterprise context from the macOS filesystem through applications like Cloud Sync or Email. Depending on the file content, type and size, we require some time for scanning the content being sent. This can range from milliseconds to a few minutes for very large contents. But the Endpoint Security message has to be responded to within the provided message deadline, else the application will be killed. This deadline is reducing with every macOS release and it's now only 15 seconds on macOS Sonoma, which is blocking our use case of completing the scan before responding. We may scan it before but that imposes the challenge of the data being modified before it is actually sent. So, we have to scan it on the fly and can't rely solely on the previous scans.
Is there any way an Enterprise can customize this deadline value depending on the ES message and scanning application, maybe through an MDM setting?
Query: My ex-colleague opened an individual Apple developer account and we mutually published an app there, but later on, he separated and moved to another town. I keep on using the same account but he stopped. I don't have his contact details as he has changed his contact and all details.
Now I want to transfer the account holder role to my name, whereas Apple says one can only do it in the below scenario.
"Account Holder transfers for individual members are granted when a minor reaches the age of majority and can receive the Account Holder role from their guardian, or when the Account Holder is deceased. Assistance is required from Apple Developer Support."
Any Solution to my Problem?
I'm developing for DEP (Device Enrollment Program). Each time a new iPhone is added through the configurator, I have to call the API at https://developer.apple.com/documentation/devicemanagement/assign_a_profile to assign a predefined configuration profile to the device. Is there a way to automatically assign new devices to a default configuration profile?