Device Management

Allow administrators to securely and remotely configure enrolled devices using Device Management.

Posts under Device Management tag

190 Posts
Post

Replies

Boosts

Views

Activity

Distribution of Unlisted apps via MDM
I'm encountering challenges deploying two unlisted applications via MDM to an iOS 17.2 device. The first app successfully installed after presenting a user prompt upon distribution.

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CommandUUID</key>
    <string>InstallApplication</string>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>InstallApplication</string>
        <key>iTunesStoreID</key>
        <integer>**********</integer>
        <key>InstallAsManaged</key>
        <true/>
        <key>ManagementFlags</key>
        <integer>5</integer>
        <key>ChangeManagementState</key>
        <string>Managed</string>
    </dict>
</dict>
</plist>

Device response for the first app:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CommandUUID</key>
    <string>InstallApplication</string>
    <key>Identifier</key>
    <string>*********************</string>
    <key>State</key>
    <string>Prompting</string>
    <key>Status</key>
    <string>Acknowledged</string>
    <key>UDID</key>
    <string>XXXXXXXXXXXX</string>
</dict>
</plist>

However, deploying the second app resulted in an error message from the device.

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CommandUUID</key>
    <string>InstallApplication</string>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>InstallApplication</string>
        <key>iTunesStoreID</key>
        <integer>**********</integer>
        <key>InstallAsManaged</key>
        <true/>
        <key>ManagementFlags</key>
        <integer>5</integer>
        <key>ChangeManagementState</key>
        <string>Managed</string>
    </dict>
</dict>
</plist>

Device response for the second app:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CommandUUID</key>
    <string>InstallApplication</string>
    <key>ErrorChain</key>
    <array>
        <dict>
            <key>ErrorCode</key>
            <integer>9610</integer>
            <key>ErrorDomain</key>
            <string>ASDServerErrorDomain</string>
            <key>LocalizedDescription</key>
            <string>License not found.</string>
        </dict>
    </array>
    <key>RejectionReason</key>
    <string>NotSupported</string>
    <key>Status</key>
    <string>Error</string>
    <key>UDID</key>
    <string>XXXXXXXXXXX</string>
</dict>
</plist>

Can you confirm whether iOS devices support deployment of unlisted apps without VPP app assignment?
0
0
813
Dec ’23
[MDM] How can we trigger retrying app installation after assigning VPP license via declarative device management?
I tried the new feature of iOS 17.2, com.apple.configuration.app.managed. A configuration and its activation are defined with data like this.

{
  "Identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
  "Type": "com.apple.configuration.app.managed",
  "Payload": {
    "InstallBehavior": {
      "Install": "Required",
      "License": {
        "VPPType": "Device"
      }
    },
    "BundleID": "com.microsoft.Office.Powerpoint"
  },
  "ServerToken": "..."
}

After distributing the configuration with the DeclarativeManagement MDM command, an error is notified via the status channel app.managed.list.

{
  "active": true,
  "identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
  "valid": "valid",
  "server-token": "21b95e4cb0b616a3ac77a5905ed08756fa36f605ad1a30a9bd347a4a8092532c"
},
"app": {
  "managed": {
    "list": [
      {
        "state": "failed",
        "declaration-identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
        "identifier": "com.microsoft.Office.Powerpoint",
        "name": "Microsoft PowerPoint",
        "reasons": [
          {
            "code": "Error.LicenseNotFound"
          }
        ]
      },

After the VPP license for the app is assigned, I tried to issue the DeclarativeManagement command again. However, the iOS device doesn't fetch the configuration because it is not changed. App installation is not retried even after the valid license is assigned. How can we trigger retrying the installation? Thank you
0
0
465
Dec ’23
Apple TV enrollment via Apple Configurator has no effect on the device
When we try to push a blueprint for MDM over Wi-Fi to an Apple TV, it fails, but over the cable it works properly. After pushing the blueprint over Wi-Fi, the device gets rebooted and goes through the setup steps; at the end we don't see the step for Mobile Device Management. I'm attaching a sample profile we attach to the blueprint and a screenshot of the blueprint configuration.
2
0
812
Dec ’23
How to change keychain password by command
Hi everyone, I would like to change another user account's password from an account with root privilege. I've read https://discussions.apple.com/thread/7334618 and tried the following steps.

1. log in to an account (user1) with root privilege and open the terminal
2. execute "dscl . -passwd /Users/user2 oldPw newPw"
3. execute "su - user2"
4. enter user2's password (i.e., newPw)
5. execute "security set-keychain-password -o oldPw -p newPw /Users/user2/Library/Keychain/login.keychain-db"

When I log out of user1 and log in as user2, the system pops up "This Mac can't connect to iCloud because of a problem with {Apple id}". It seems that the iCloud keychain is broken. Also, we need to enter oldPw to unlock "System Preferences > Passwords", but not the newPw. (PS: we can log in as user2 and unlock user2's login.keychain-db with newPw.)

However, if we change user2's password in user2's terminal as follows, everything works fine.

1. log in to user2 and open the terminal
2. execute "dscl . -passwd /Users/user2 oldPw newPw"
3. execute "security set-keychain-password -o oldPw -p newPw /Users/user2/Library/Keychain/login.keychain-db"

I've tested this issue on macOS 12.6.9 and 14.1.2. Both of them have this problem. Is this a bug, or how can I fix this? (e.g., change the iCloud keychain password?) Thanks.
0
1
824
Dec ’23
How to get developer token for api.ent.apple.com?
We are working with an MDM service using the VPP API, and trying to migrate from the Legacy APIs to the new App and Book Management APIs. This document says: "Send the public key you generate to your Apple contact in a plain-text file. Do not share the private key. Also provide a brief description of your use case and product." I generated a key pair and sent the public key to Apple Developer Program support; however, they didn't know how to handle it. What does "your Apple contact" mean here? I already understand how to generate a JWT token for api.ent.apple.com. I want to know who authorizes the public key for the organization. Thank you,
3
0
860
Jun ’24
Issue with SSO
We have been facing an issue with SSO for some days; it was working fine a few days before. On Apple devices, we are facing an issue where, once the user enters the username and password, it asks again when the user logs in. Everything was fine, with no changes in the system; the only thing is that this issue started happening maybe after the iOS 16 update. We have implemented SSO using Microsoft AD. Things are working for all other OSes (Windows, Android) except iOS.
1
1
459
Sep ’24
Regarding User Enrollment Testing
Hi Team, The User Enrollment introduced by Apple back was really great, and I was trying to test it out. As per the implementation details provided by Apple for Simple Authentication - User Enrollment Flow, below are the steps I followed to implement it.

Step 1) Making a /.well-known/com.apple.remotemanagement URL and sending a JSON for BYOD, which Apple has detected successfully.
Step 2) Apple making a POST request to the BaseServer URL of the MDM to get the enrollment profile. (At this step, as there is no Authorization header, I sent a 401 with a WWW-Authenticate header with the scheme and URL as mentioned by Apple.)
Step 3) Apple has requested with GET to get the HTML page to show to the user from the URL mentioned in the WWW-Authenticate header.
Step 4) Here there is a tweak: the HTML page I actually showed doesn't contain any form, as it is for testing purposes. I simply had a button which, upon clicking, sends a POST to my URL with empty JSON using the axios library, where from the server I sent a 308 redirect with the Location header as mentioned by Apple:

apple-remotemanagement-user-login://authentication-results?access-token=dXNlci1pZGVudGl0eQ

After that I expect the ASWebAuthenticationSession to end and Apple to start the second enrollment attempt with the access token as the Authorization Bearer token. But the screen showing the HTML page doesn't go away, and neither has Apple started any steps to get the enrollment profile from the MDM server. Am I committing any mistakes here? Could you please help with this?
2
0
1.2k
Sep ’24
Inquiry about the failure to decrypt the profile when registering the DEP of macOS.
The Mac device is a device that has been manually added to Apple Business Manager. DEP profiles are normally installed on both iOS and iPadOS. A profile decryption error occurs only when attempting DEP of macOS. (If you look at the picture, a decryption error occurs in the remote device registration step.) I asked Apple's customer center about this problem, and it is said that it is caused by the lack of a key called "automatic registration on the MDM server". The key cannot be found in the Apple official document related to the profile below. https://developer.apple.com/documentation/devicemanagement/mdm/

Information received during DEP enroll of a Mac mini using Apple silicon:

{
    'LANGUAGE': 'en_US',
    'PRODUCT': 'Macmini 9,1',
    'SERIAL': 'CXXXXXXXXXXV',
    'UDID': '0XXXXX27-XXXX-XXXX-XXXX-XZXXXXXXXXX',
    'VERSION': '21C52'
}

Information received during DEP enroll of an iPad:

{
    'LANGUAGE': 'en_US',
    'PRODUCT': 'iPad5,4',
    'SERIAL': 'DXXXXXXXXXXQ',
    'UDID': '9aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX6d',
    'VERSION': '19C63'
}

Profile to be transmitted to the device (same for macOS, iOS, iPadOS):

{
    'AccessRights': 8191,
    'CheckInURL': 'https://apm.xxxxx.com/checkin',
    'CheckOutWhenRemoved': True,
    'IdentityCertificateUUID': '00000000-0000-0000-0000-000000000000',
    'PayloadDescription': 'MDM Profile',
    'PayloadDisplayName': 'MDM',
    'PayloadIdentifier': 'com.xxxxx.xxxxxxx.mdm',
    'PayloadOrganization': 'MDM provider',
    'PayloadType': 'com.apple.mdm',
    'PayloadUUID': '00000000-0000-0000-0000-000000000000',
    'PayloadVersion': 1,
    'PromptUserToAllowBootstrapTokenForAuthentication': True,
    'ServerCapabilities': ['com.apple.mdm.per-user-connections', 'com.apple.mdm.bootstraptoken'],
    'ServerURL': 'https://apm.xxxxx.com/server',
    'SignMessage': False,
    'Topic': 'com.apple.mgmt.External.206bfa63-f76a-4381-9e50-6f74241d14d9'
}

Because it uses the same profile structure, I don't understand why iOS/iPadOS operates normally and errors occur only on macOS. If there is anything that can help me, please let me know. Thank you.
3
0
2.1k
May ’24