New Local Network Privacy Setting has been added in Privacy & Security Section of system Settings. I just want to know if this permission be managed through MDM mobileconfig profile. Let me know if any suggestions are there, in respect to this.

On the "What's new for enterprise in iOS 18" page here: https://support.apple.com/en-am/121158, one of the new features mentioned is: "On supervised devices, organizations can disable a user’s ability to hide and lock apps." Despite reviewing the developer documentation surrounding device management (https://developer.apple.com/documentation/devicemanagement), as well as going through the latest changes to schema definitions (https://github.com/apple/device-management), I have been unable to find a restriction that corresponds to this functionality. This is a feature that I'd like to implement, has anyone found any details about this restriction and what key may need to be inserted in the restrictions payload to use it?

I am trying to use Apple Intelligence on a shared iPad. I cannot use Apple Intelligence even though I have registered my Apple Acount. Apple Intelligence does not appear in the device settings. Please tell me the following Can I use Apple Intelligence on my Shared iPad device? If so, is it an expected behavior that Apple Intelligence settings are not displayed on the Shared iPad device? The specifications of the devices used are as follows OS: iPadOS 18.1 beta3 Model: iPad Air-13inch(M2)

I was checking the operation of items that are now available on devices with iOS 18 or later, but when I distribute to Shared iPad devices, the following 3 items are not installed on the device and cannot be controlled. allowiPhoneMirroring allowPersonalizedHandwritingResults allowWritingTools Please let us know the following. Are the above 3 items available on Shared iPad? If so, please tell us how to solve the problem that the items are not installed on the Shared iPad device and the control does not work. The specifications of the device used are as follows OS : iOS18.1 beta3 Model : iPad Air 13-inch(M2)

Hi Apple Team , We have a. Bunch of macOS devices in our Fleet Which has MDM Passcode Payload Applied. We have observed a huge delay in unlocking the user account at login Screen after the Credentials are presented, Where as Removing the Passcode Payload makes the User to unlock their account at login Screen Immediately. Can someone help with this issue any OS Updates helps this ? Have Filed a FeedBack: FB15143190 (MDM Passcode Payload Causing Delay In Device Unlock) Also there is a Discussion reg this Passode Policy Issue

We have confirmed the operation using iOS18 beta devices regarding the item "allowVideoConferencingRemoteControl" which is implemented for iOS18 beta. Remote control can be requested even if “allowVideoConferencingRemoteControl" is set to "true" or "false". Please tell me the following. Is it an expected behavior that there is no control regarding remote control whether "allowVideoConferencingRemoteControl" is true or false? I have confirmed the operation by following the procedure below, but is the procedure to confirm the control of "allowVideoConferencingRemoteControl" correct? Steps taken Create a profile with "allowVideoConferencingRemoteControl" set to "false" in the restriction settings Distribute to the terminal Make a video call with facetime between iOS18 beta devices One device performs screen sharing of the device with Share Play, and the other device requests remote control. Even if "allowVideoconferencingRemoteControl" is set to "false" in the restriction settings, remote control requests are still made.

I am checking the behavior of the Contact settings, but the controls are not working with respect to the Communication Service Rules. Please let me know the following Is it possible to change the default calling app on a Japanese iPhone? If possible, does the control of the Contact settings in the configuration profile work?

Hi, Team: Is there any difference in the underlying logic between starting the network filter by configuring the MDM description file through the first connection below and starting the network filter through the second connection in the code? First connection：https://developer.apple.com/documentation/devicemanagement/webcontentfilter?language=objc Second connection： https://developer.apple.com/documentation/networkextension/nefiltermanager?language=objc

I sent the description file through MDM in advance and configured the system extension and web content filter. When my code uses activationRequestForExtension:queue: to activate the system extension, other security app processes will be killed. I received the following message. May I ask why this may be? 2024-09-02 11:42:19.737229 (gui/501/killed_bundleid [679]) : exited due to SIGPIPE | sent by killed_app[679], ran for 301372ms 2024-09-02 11:42:19.737239 (gui/501/killed_bundleid [679]) : service state: exited 2024-09-02 11:42:19.737245 (gui/501/killed_bundleid [679]) : internal event: EXITED, code = 0 2024-09-02 11:42:19.737247 (gui/501/killed_bundleid [679] ]) : job state = exited 2024-09-02 11:42:19.737274 (gui/501 [100003]) : service inactive: killed_bundleid 2024-09-02 11:42:19.737277 (gui/501/killed_bundleid [679]) : service state: not running 2024-09-02 11:42:19.737282 (pid/679 [killed_app]) : shutting down 2024-09-02 11:42:19.737310 (pid/679 [killed_app]) : cleaning up

Hi,Team: I successfully installed the system extension through MDM and want to uninstall it through RemovableSystemExtensions, but this command does not support versions below macOS 12. Is there any other way to pause or uninstall the system extension? Can I delete the configuration file that allows system extensions through MDM? Or send and delete the configuration file of AllowedSystemExtensions?

Hi, Team: I developed a network filter and used MDM to issue a description file. By configuring AllowedSystemExtensions, I can avoid the reminder of loading system extensions during installation. However, when savingToPreferencesWithCompletionHandler, I will still be reminded that my network data is monitored. How can I configure MDM to avoid this reminder? And why can I still delete the filter from the network filter conditions even though I configured it in mobileconfig in the following way. NonRemovableFromUISystemExtensions com.mysystemextensionid

Hello, I am working on a MDM solution. I am facing issue to while Activation Unlock Iphone by MDM server. I am following this https://developer.apple.com/documentation/devicemanagement/device_assignment/activation_lock_a_device/creating_and_using_bypass_codes documentation as reference. I am able to activation lock the device from mdm server but while unlocking the device I am getting below error "?xml version="1.0" encoding="UTF-8"?> ns:escrowKeyDeviceServicesResponse version="1" xmlns:ns="http://www.apple.com/cds/mdmescrowKeyDeviceServices/xml"> error code="1002" message="com.apple.cds.cyclops.mdm.MDMServiceException: No registered escrow key found"/> /ns:escrowKeyDeviceServicesResponse>" I am sending below request for Unlock Url=https://deviceservices-external.apple.com/deviceservicesworkers/escrowKeyUnlock?Device_Serial=XXXXXXXX&productType=iPhone12,8&imei=XXXXXXX&imei2=XXXXXXXXXXXXXX&meid=XXXXXXXXXX Body=escrowKey=VT2DK-YR647-HWAY-096C-ER7P-89J1&orgName=ORGNAME&guid=9C1AE0D42A38A23AFFE59 Below working request for Activation Lock URL=https://mdmenrollment.apple.com/device/activationlock Body = { "Device" :"Serial_Number", "EscrowKey" :"B83C6E662299F3AF202656C4D7A434A319A34241A2892792132EECE56F6D898A", "LostMessage":"Message" } Any idea what could cause this error.

Hey, Im trying to utilize the new DDM features introduce in Safari 18 & macOS 15 and enabling extension using my MDM (Intune in my case). For some reason, it doesn't seems to work on my mac machine running macOS 15 beta. Intune support claims that everything is configured as it should on their end, and there is a problem with device or configuration. I used Apple documentation and the configuration YAML in apple device management repo So I don't really sure what I am missing. Has someone managed to make it work using MDM (intune, jamf, etc')? And if so can he shared the configuration? Thanks.

Hello, We are trying to use the Managed App Distribution framework with our mdm following the documentation here : https://developer.apple.com/documentation/managedappdistribution But on the first load we don't get anything, the app keep getting stuck inside the following code without sending an error or getting the managed apps for try await result in ManagedAppLibrary.currentDistributor.availableApps { content = try result.get().map(Content.managedApp) } If we update the list of available managed apps in our mdm, the function execute and so we have all the apps displayed as expected, but if we close and re-open the app it'll again not display anything until we update the managed apps list. How can we fetched our managed apps at anytime and not only when the list is updated ? Why this method seems to be waiting for an update instead of just fetching the available managed apps when we call it ?

In MDM Software Update settings(https://developer.apple.com/documentation/devicemanagement/softwareupdate), there is a key "restrict-software-update-require-admin-to-install" which apparently controls if the standard users are allowed to install apps and software updates. But so far, even if this is set to true, a standard user is able to download apps from Appstore. We noticed that when we publish a pkg to be installed via MDM, then that does not get installed if the above setting is set to true. Please provide clarity on what this setting controls.

Starting with macOS 15, the Local Network Privacy (LNP) feature has been introduced, which has been available on iOS for some time. We are developing an enterprise application for remote control and protection of corporate devices. The management is carried out using a dedicated server, usually located on the internal LAN of the enterprise. In order to interact with this server, devices require access to the local network, which is managed by the new TCC LNP. The UX of our application involves minimal user interaction. To address this issue, we use Apple's MDM to automatically grant various permissions. Additionally, we have scripts for remotely installing the application and configuring it. However, for the new TCC LNP, we have not found a way to do this through the MDM profile. Does Apple intend to incorporate the relevant functionality into the MDM? There are several posts on the dev forum about this topic, but they are all about iOS.

In the latest macOS 15 system, we've noted that end users have the capability to disable and prevent the launch of system extensions via system settings. I'm curious to know whether Apple plans to offer MDM configurations to deter end users from performing such actions.

I am trying to build an application that interacts with iphone screen to perform operations like touch/tap/swipe (Not inside an app but whole screen). The closest tool to do it is FB IDB (Ios Development Bridge). But IDB doesn't support UI interactions with physical device, quoting that apple doesn't allow it. Is it possible to do it? If not, is there any official document that quotes apple doesn't allow UI interactions on physical devices, programmatically ?

Hello all ! Received my Apple Vision Pro today. Device is on ABM, assigned to JAMF Pro with a separate Prestage. Out of the box, it did not catch the configuration (Vision OS 1.3). I enabled beta releases, and it installed 2.0 beta 5. At reboot, it regenerated the Persona, and is now stuck in "waiting configuration" (from the MDM I guess. I can not reset it. Even with the developer Strap, Apple Configurator is not able restore the ipsw (it was not paired yet). Any idea ? Any secret DFU ?

The Check-in API is now used for declarative device management in addition to MDM authentication and token updates. We would like to set a different endpoint for DDM requests only than for MDM authentication So is it possible to configure different Check-in API endpoint for MDM and DDM? For example, we would like to split the endpoints as follows Endpoints for MDM authentication and token update yourmdmhost.example.com/checkin Endpoint for DDM yourmdmhost.example.com/ddm-chcekin Check-in API Documentation https://developer.apple.com/documentation/devicemanagement/check-in