Device Management


Allow administrators to securely and remotely configure enrolled devices using Device Management.

Device Management Documentation


Posts under Device Management tag

173 Posts
Post not yet marked as solved
0 Replies
311 Views
I maintain an iOS and Apple TV app that share a bundle ID. We recently updated our Apple TV app to version 5 but iOS remains at version 4.6.6. However, when you view the App Store Preview page it only shows the iOS version history and version number. Example: https://apps.apple.com/us/app/trilbytv-player/id674488346?platform=appleTV I believe this also has a knock-on effect for MDM systems, as we are aware of an issue where Jamf may not be able to allow Apple TV devices to update to v5 as the App Store data it uses reports the iOS version number, not the platform-specific version.
Posted by dombarnes.
Post not yet marked as solved
0 Replies
247 Views
We have an existing version of a mobile app in the App Store. This app was written in Ionic version 2.2, more than 4 years back. To improve user experience and to add helpful features, we re-wrote the app in React Native. We are planning to release this new version in 2024. We want a recommendation on how to release the new version in a controlled way to a selected few users only. We will have a specific target audience for the new version, not random sampling (so, we can't use the phased release option). User selection will be driven by a database. Constraints are as follows. The old app is frozen. It's very difficult to change anything in it. We do not have MDM. It's a public-facing app. We should be able to control who gets which version of the app. We should be able to roll back to the old app if needed. We are trying to bundle both apps in a container app which will route the user to the old or new version of the app (within the same bundle). Has anyone done anything like this before? If not, do you see any technical difficulties with the approach either during coding or during App Store review?
Post not yet marked as solved
0 Replies
317 Views
I'm encountering a strange issue with PPPC configuration files and app visibility in Security & Privacy for standard users on the latest macOS version. The Scenario: I created a PPPC file granting accessibility and screen recording permissions for my app. I deployed the PPPC file to devices using MDM. Surprisingly, the app doesn't appear under Security & Privacy > Privacy > Screen Recording or Accessibility for standard users. However, if I remove the PPPC file, the app instantly shows up in those locations. What I've Tried: Double-checked the PPPC file syntax and permissions configuration. Redeployed the PPPC file and verified successful installation on devices. Restarted devices and re-registered the MDM profile. The Impact: This issue prevents standard users from granting my app the necessary permissions through the standard system interface. They require admin intervention to grant permissions manually, which is inconvenient and not ideal for our workflow. Seeking Help: I'm reaching out to the community for any insights or suggestions on resolving this issue. Has anyone encountered a similar problem with PPPC files and standard user permissions? Any advice or potential solutions would be greatly appreciated!
Post not yet marked as solved
1 Replies
488 Views
I registered a Mac as a device in apple-developer using a third-party UID for collaboration, but the Mac cannot be selected when creating a provisioning profile. And they say udid and uuid are the same. Why is that? The third party's Mac has been updated to Ventura OS using Open Core patcher.
Posted by dev_mk.
Post not yet marked as solved
0 Replies
330 Views
Push notification for PWA apps is supported on iOS >= 16.4. I want to restrict app usage using the Restriction payload of a configuration profile. Formerly we could do it by defining a restriction like this (actually via MDM):

    <key>whitelistedAppBundleIDs</key>
    <array>
        <string>com.apple.webapp</string>
    </array>

However, on iOS >= 17.0, the notification setting of the PWA app has disappeared!! Without the restriction payload, or with the restriction payload without whitelistedAppBundleIDs, the notification setting for the PWA app is shown as expected. Also, we discovered that the issue can be avoided by adding com.apple.WebKit.PushBundle.xxxxxx into the restriction payload.

    <key>whitelistedAppBundleIDs</key>
    <array>
        <string>com.apple.webapp</string>
        <string>com.apple.WebKit.PushBundle.7880D99FB56F4FF7B5DC019E0EDBCBD0</string>
    </array>

com.apple.WebKit.PushBundle.7880D99FB56F4FF7B5DC019E0EDBCBD0 can be found in the console log using Apple Configurator. However, it cannot be found via an MDM command (e.g. InstalledApplicationList). We want to configure and install the restriction payload onto multiple devices via MDM. So how can we know the com.apple.WebKit.PushBundle.xxxxxx via MDM? Or how can we enable push notification settings for PWA apps with the restriction payload? Thank you
Post not yet marked as solved
0 Replies
537 Views
I'm encountering challenges deploying two unlisted applications via MDM to an iOS 17.2 device. The first app successfully installed after presenting a user prompt upon distribution.

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>CommandUUID</key>
        <string>InstallApplication</string>
        <key>Command</key>
        <dict>
            <key>RequestType</key>
            <string>InstallApplication</string>
            <key>iTunesStoreID</key>
            <integer>**********</integer>
            <key>InstallAsManaged</key>
            <true/>
            <key>ManagementFlags</key>
            <integer>5</integer>
            <key>ChangeManagementState</key>
            <string>Managed</string>
        </dict>
    </dict>
    </plist>

Device Response for first app:

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>CommandUUID</key>
        <string>InstallApplication</string>
        <key>Identifier</key>
        <string>*********************</string>
        <key>State</key>
        <string>Prompting</string>
        <key>Status</key>
        <string>Acknowledged</string>
        <key>UDID</key>
        <string>XXXXXXXXXXXX</string>
    </dict>
    </plist>

However, deploying the second app resulted in an error message from the device.

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>CommandUUID</key>
        <string>InstallApplication</string>
        <key>Command</key>
        <dict>
            <key>RequestType</key>
            <string>InstallApplication</string>
            <key>iTunesStoreID</key>
            <integer>**********</integer>
            <key>InstallAsManaged</key>
            <true/>
            <key>ManagementFlags</key>
            <integer>5</integer>
            <key>ChangeManagementState</key>
            <string>Managed</string>
        </dict>
    </dict>
    </plist>

Device Response for second app:

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>CommandUUID</key>
        <string>InstallApplication</string>
        <key>ErrorChain</key>
        <array>
            <dict>
                <key>ErrorCode</key>
                <integer>9610</integer>
                <key>ErrorDomain</key>
                <string>ASDServerErrorDomain</string>
                <key>LocalizedDescription</key>
                <string>License not found.</string>
            </dict>
        </array>
        <key>RejectionReason</key>
        <string>NotSupported</string>
        <key>Status</key>
        <string>Error</string>
        <key>UDID</key>
        <string>XXXXXXXXXXX</string>
    </dict>
    </plist>

Can you confirm the iOS Devices support deployment of Unlisted apps without VPP app assignment?
Post not yet marked as solved
2 Replies
502 Views
When we try to push a blueprint for MDM over Wi-Fi to an Apple TV it fails, but over the cable it works properly. After pushing the blueprint over Wi-Fi, the device gets rebooted and goes through the setup steps; at the end we don't see the step for Mobile Device Management. I'm attaching a sample Profile we attach to the blueprint and a Screenshot of the Blueprint configuration.
Posted by _kvnryn.
Post not yet marked as solved
0 Replies
278 Views
I tried the new feature of iOS 17.2, com.apple.configuration.app.managed. A configuration and its activation are defined with data like this.

    {
        "Identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
        "Type": "com.apple.configuration.app.managed",
        "Payload": {
            "InstallBehavior": {
                "Install": "Required",
                "License": { "VPPType": "Device" }
            },
            "BundleID": "com.microsoft.Office.Powerpoint"
        },
        "ServerToken": "..."
    }

After distributing the configuration with the DeclarativeManagement MDM command, an error is notified via the status channel app.managed.list.

    {
        "active": true,
        "identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
        "valid": "valid",
        "server-token": "21b95e4cb0b616a3ac77a5905ed08756fa36f605ad1a30a9bd347a4a8092532c"
    },
    "app": {
        "managed": {
            "list": [
                {
                    "state": "failed",
                    "declaration-identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
                    "identifier": "com.microsoft.Office.Powerpoint",
                    "name": "Microsoft PowerPoint",
                    "reasons": [ { "code": "Error.LicenseNotFound" } ]
                },

After the VPP license for the app was assigned, I tried to issue the DeclarativeManagement command again. However, the iOS device doesn't fetch the configuration because it is not changed. App installation is not retried even after the valid license is assigned. How can we trigger a retry of the installation? Thank you
Post not yet marked as solved
0 Replies
215 Views
I want to control one iPhone from another iPhone remotely, and both of the phones are in different places. How can I do that? Using Web Driver Agent, how can we achieve this? We need to capture the frames as well every second, like screenshots.
Post not yet marked as solved
0 Replies
439 Views
Hi everyone, I would like to change another user account's password from an account with root privilege. I've read https://discussions.apple.com/thread/7334618 and tried the following steps.

1. log in to an account (user1) with root privilege and open the terminal
2. execute "dscl . -passwd /Users/user2 oldPw newPw"
3. execute "su - user2"
4. enter user2's password (i.e., newPw)
5. execute "security set-keychain-password -o oldPw -p newPw /Users/user2/Library/Keychain/login.keychain-db"

When I log out of user1 and log in as user2, the system pops up "This Mac can't connect to iCloud because of a problem with {Apple id}". It seems that the iCloud keychain is broken. Also, we need to enter oldPw to unlock "> System Preferences > Passwords", but not the newPw. (PS: we can log in as user2 and unlock user2's login.keychain-db with newPw.)

However, if we change user2's password in user2's terminal as follows, everything works fine.

1. log in to user2 and open the terminal
2. execute "dscl . -passwd /Users/user2 oldPw newPw"
3. execute "security set-keychain-password -o oldPw -p newPw /Users/user2/Library/Keychain/login.keychain-db"

I've tested this issue on macOS 12.6.9 and 14.1.2. Both of them have this problem. Is this a bug, or how can I fix this? (e.g., change the iCloud keychain password?) Thanks.
Post not yet marked as solved
0 Replies
214 Views
Hello! I couldn't reach out to the support team because when I'm trying to do this there is an infinite login process. I don't understand why this is broken. Now I want to change my enroll program to organization type and I have a DUNS. Can you help me?
Posted by IgorMess.
Post not yet marked as solved
0 Replies
232 Views
◆Premise ① We are planning to use a self-produced App (published in the App Store) which is installed on our iPad in a closed network. ② We will implement the update of the app automatically. ◆Question In order to allow the automatic update of the app in the App Store, do we need to allow communication with servers or domains? If that is the case, could you tell us the port number for this connection?
Post not yet marked as solved
1 Replies
382 Views
We are an MDM and are trying to migrate to the new App and Book Management APIs. The doc mentioned below is asking us to send the generated public key to my Apple contact in a plain-text file. https://developer.apple.com/documentation/devicemanagement/app_and_book_management/apps_and_books_for_organizations/generating_developer_tokens?language=objc I'm not sure who my Apple contact is. I already understand how to generate a JWT token for api.ent.apple.com. I would like to know who can authorize the public key for the organization. Thank you
Posted by _kvnryn.
Post not yet marked as solved
2 Replies
565 Views
Hello Apple Community, I've been delving into the realm of time-based activation predicates through DDM. In my recent pursuits, I've been experimenting with the device's local time to evaluate a predicate expression and apply activation configurations. Is it possible to achieve this? Our DDM currently leverages device status items and server management properties to activate predicates. These predicates come to life when the logic becomes true, initiating activations seamlessly. While the Apple Predicate Guide provides a solid foundation, I've encountered some challenges when it comes to time-based expressions. The guide covers basics such as context and numerical-based predicates, but I find myself seeking more clarity on implementing time-based logic effectively. If any of you have insights, tips, or experiences to share regarding time-based activation predicates expressions in declarative device management, your input would be immensely valuable. I'm particularly interested in understanding practical approaches and gaining a deeper comprehension of the nuances involved. Thank you in advance.
Posted by Sithick.
Post not yet marked as solved
2 Replies
484 Views
We are working with an MDM service using the VPP API, and trying to migrate from the Legacy APIs to the new App and Book Management APIs. This document says: "Send the public key you generate to your Apple contact in a plain-text file. Do not share the private key. Also provide a brief description of your use case and product." I generated a key pair and sent the public key to Apple Developer Program support, however they didn't know how to handle it. What does "your Apple contact" mean here? I already understand how to generate a JWT token for api.ent.apple.com. I want to know who authorizes the public key for the organization. Thank you,
Post not yet marked as solved
0 Replies
243 Views
I have an ad-hoc app that our company uses internally. I am at a different physical location than where the app is used (on iPad mini 4 units). Is there any way I can remotely update the app from my location? One solution I thought of was to use TestFlight, but that creates an app that will expire in 90 days and has potential for long term problems if it expires before an update. Currently I have to go and gather all the iPads and bring them to my location, install the updates by plugging each unit into my iMac. Is there a better way to do this? Can this be done with DeviceManagement? (assume I know nothing about this)
Posted by Fever905.
Post not yet marked as solved
6 Replies
949 Views
We are experiencing issues with transmitting MDM push. Some are successfully transmitting, but the majority are failing. The following message occurred on the server:

    java.util.concurrent.ExecutionException: io.netty.channel.AbstractChannel$AnnotatedSocketException: Network is unreachable: api.push.apple.com/2620:149:208:430f:0:0:0:a:443
    java.util.concurrent.ExecutionException: io.netty.channel.AbstractChannel$AnnotatedSocketException: Network is unreachable: api.push.apple.com/2620:149:208:4303:0:0:0:b:443
    java.util.concurrent.ExecutionException: io.netty.channel.AbstractChannel$AnnotatedSocketException: Network is unreachable: api.push.apple.com/2620:149:208:430c:0:0:0:b:443
    java.util.concurrent.ExecutionException: io.netty.channel.AbstractChannel$AnnotatedSocketException: Network is unreachable: api.push.apple.com/2620:149:208:430b:0:0:0:a:443
    java.util.concurrent.ExecutionException: io.netty.channel.AbstractChannel$AnnotatedSocketException: Network is unreachable: api.push.apple.com/2620:149:208:4303:0:0:0:b:443
    java.util.concurrent.ExecutionException: io.netty.channel.AbstractChannel$AnnotatedSocketException: Network is unreachable: api.push.apple.com/2620:149:208:4306:0:0:0:d:443

Apple system status was normal. Since some are successfully transmitting, we suspect that the issue may not be related to the network.
Posted by infosec.
Post not yet marked as solved
1 Replies
576 Views
After assigning a VPP application license and installing the app on a device, I revoked the license while it was still installed. However, I was able to use the app even after 30 days. I think this app is not available in ASM (Apple School Manager) specification. Is this specification applied in ABM (Apple Business Manager)? I found this description in ASM, but I couldn't find it in ABM. https://www.apple.com/au/education/docs/VPP_Education_Guide_EN_Oct13.pdf “When apps you’ve assigned are no longer needed by a user, you can revoke and reassign them to different users. The user gets a 30-day grace period to continue to use the app, save data, or buy a personal copy.”
Posted by azuma_y.
Post not yet marked as solved
0 Replies
245 Views
We would like to be able to control when MDM-enrolled Mac users are notified that their passcode is going to change. The current MDM password settings available for macOS devices do not allow MDM Admins to define when a user should be notified that their passcode is going to change.
Posted by lwoods.
Post not yet marked as solved
3 Replies
519 Views
Hello, I was publishing a new iOS App (for iPhone devices) for my organization. This App uses intranet endpoints to consume APIs and auth services, and will be published under our company store and using our MDM. The idea is that the MDM installs an in-app VPN when you install the application, and it works on the iOS device. During the review phase in App Store Connect, the app was rejected, and they stated that the app does not work (because if you don't have a connection to the intranet, the app is in white and can't be used). What is the proper way to proceed? I mean, I have been 4 days talking in the review comments, and they don't provide me a clear solution. They told me that the app should have a "demo" version. But what I consider we can do is temporarily expose to the internet the same services that the app uses, and upload a binary file using internet endpoints to be validated, and later change them to intranet endpoints in a new binary, but I don't know if for the second review I would get a new rejection... They didn't provide me feedback about what to do in these cases, and redirected me to this forum... The idea is to only use this application under our organization's VPN, and only use intranet endpoints for security reasons we have under the application. Do you have the same issue, or do you know better about the way to proceed?