MDM Enrolled devices stop responding to push notifications!

We are experiencing issues with MDM Enrolled devices as the devices do not contact the MDM server randomly even on successful APNS notification.

As documented by Apple, the device sends a Token update message when MDM Profile is installed in the device and whenever there is an OS update.

We could see that devices randomly lose connection with the MDM server over a period of time. We have verified that MDM sends notifications with the information received from the latest TokenUpdate from devices; however, a few devices never seem to send token update messages to the MDM server nor respond to APNS wakeup.

Currently, we are reinstalling MDM Profile in devices to trigger Token update again and to revive the device MDM contact. But as you can imagine for large enterprises this involves user intervention and becomes difficult to manage.

It would be great if the Apple MDM team can clarify the below:

  1. What are the cases in which a device sends a TokenUpdate message to MDM?
  2. What happens when the MDM server is not reachable during the first attempt of the Token update. As in many cases, the MDM server may not always be reachable to the device during OS update events etc.
  3. Is there any way to trigger Token update on iOS and macOS manually without reinstalling the MDM Profile again?
  4. It would be better designed if devices send Token updates often until it's acknowledged by MDM Server.

Similar issues have been reported in the past: https://developer.apple.com/forums/thread/28918 and https://developer.apple.com/forums/thread/671878
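
As an added example that is not part of the original post: one way an MDM server could track TokenUpdate check-ins and flag devices that APNs accepted wake-up pushes for but that never contacted the server afterwards. The function names, the in-memory `store`, the thresholds and the sample values are assumptions made for illustration; the plist keys are those of the TokenUpdate check-in message.

```python
import plistlib
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Device:
    token: bytes            # APNs device token from the last TokenUpdate
    push_magic: str         # PushMagic string echoed in the wake-up push payload
    topic: str
    last_contact: datetime  # last check-in or command poll seen from the device
    pushes_since_contact: int = 0

def handle_token_update(store: dict, body: bytes, now: datetime) -> bool:
    """Record a TokenUpdate check-in; return True if Token or PushMagic changed."""
    msg = plistlib.loads(body)
    if msg.get("MessageType") != "TokenUpdate":
        return False
    old = store.get(msg["UDID"])
    changed = old is None or (old.token, old.push_magic) != (msg["Token"], msg["PushMagic"])
    store[msg["UDID"]] = Device(msg["Token"], msg["PushMagic"], msg["Topic"], now)
    return changed

def record_push(store: dict, udid: str) -> None:
    """Call after APNs accepted a wake-up push for this device."""
    store[udid].pushes_since_contact += 1

def record_contact(store: dict, udid: str, now: datetime) -> None:
    """Call whenever the device polls the MDM server for commands."""
    store[udid].last_contact, store[udid].pushes_since_contact = now, 0

def silent_devices(store: dict, now: datetime, min_pushes=3, grace=timedelta(hours=24)):
    """UDIDs with accepted pushes but no server contact within the grace period."""
    return sorted(u for u, d in store.items()
                  if d.pushes_since_contact >= min_pushes and now - d.last_contact > grace)

def sample_token_update(udid: str, token: bytes) -> bytes:
    """Constructed sample check-in body, not captured from a real device."""
    return plistlib.dumps({"MessageType": "TokenUpdate", "UDID": udid, "Token": token,
                           "PushMagic": "constructed-magic-" + udid,
                           "Topic": "com.apple.mgmt.External.example"})

if __name__ == "__main__":
    t0, store = datetime(2024, 1, 1), {}
    for udid in ("UDID-A", "UDID-B"):
        handle_token_update(store, sample_token_update(udid, b"\x01" * 32), t0)
    for _ in range(3):
        record_push(store, "UDID-A")
        record_push(store, "UDID-B")
    record_contact(store, "UDID-B", t0 + timedelta(hours=30))  # only B polls
    print(silent_devices(store, t0 + timedelta(hours=48)))
```
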
