iOS 17 Automated Device Enrollment's New Minimum Required Version

Are there any details or documentation on how the new "minimum required version" will be configured, or when it will be available to be set in the ADE/DEP profiles?

Replies

Hi there, this feature actually doesn't use the ADE/DEP profile. Take a look at this documentation over on our Open Source schema page: https://github.com/apple/device-management/blob/seed_iOS-17-0_macOS-14-0/mdm/errors/softwareupdate.required.yaml.

The steps are when you receive the MachineInfo (https://github.com/apple/device-management/blob/release/other/machineinfo.yaml) response from the device. Using that you'll be able to check MDM_CAN_REQUEST_SOFTWARE_UPDATE, SUPPLEMENTAL_BUILD_VERSION and SUPPLEMENTAL_OS_VERSION_EXTRA. If the values do not match the expected version you can then send the error response above. Once the device receives that error it will kick off the update process for the user.

Thanks for the reply. I'd have 2 additional questions:

  1. Which error should the server reply with? The WWDC session says "The MDM will send a JSON 403 response when the device requests the enrollment profile", but JSON is the format of the content, while 403 is at the HTTP layer. Should it just be a 403 with empty content?

  2. Comparing versions is quite straightforward, but is there any guidance / documentation related to supplemental versions? For instance, my test iPad would return:

	<key>OS_VERSION</key>
	<string>17.0</string>
	<key>PRODUCT</key>
	<string>iPad12,1</string>
	<key>SUPPLEMENTAL_BUILD_VERSION</key>
	<string>21A5248v</string>
	<key>VERSION</key>
	<string>21A5248v</string>

Obviously, testing if the version is the one we expect is simple, but I guess that most of the time organizations are asking for a minimum version requirement, which means that we need to test if device VERSION / SUPPLEMENTAL_BUILD_VERSION is more recent than the organization requires. I assume the build number could be parsed...
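
Added example, not part of the thread and not Apple's code: one way a server could make the minimum-version decision discussed above, ordering OS_VERSION numerically and, when the OS versions are equal, falling back to a parsed build string. The function names, the build-string layout and the build ordering are assumptions, and the MachineInfo plist is assumed to have been extracted from the enrollment request already.

```python
import plistlib
import re

# Assumed build-string layout, inferred from the sample "21A5248v":
# digits, one uppercase letter, digits, optional lowercase suffix.
_BUILD_RE = re.compile(r"^(\d+)([A-Z])(\d+)([a-z]?)$")

def version_key(version):
    """'17.0' -> (17, 0, 0): numeric, so 17.10 sorts after 17.9 and 17 == 17.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def build_key(build):
    """'21A5248v' -> (21, 'A', 5248, 'v'); raises ValueError on any other shape."""
    m = _BUILD_RE.match(build)
    if m is None:
        raise ValueError(f"unrecognised build string: {build!r}")
    return (int(m.group(1)), m.group(2), int(m.group(3)), m.group(4))

def needs_update(machine_info, min_os, min_build=None):
    """Decide whether to answer the enrollment request with the error response."""
    info = plistlib.loads(machine_info)
    # A device that does not advertise the capability cannot act on the error.
    if info.get("MDM_CAN_REQUEST_SOFTWARE_UPDATE") is not True:
        return False
    device_os, wanted_os = version_key(info["OS_VERSION"]), version_key(min_os)
    if device_os != wanted_os or min_build is None:
        return device_os < wanted_os
    # Same OS version: fall back to the build. Ordering builds by their parsed
    # fields is an assumption; check it against the builds you actually deploy.
    device_build = info.get("SUPPLEMENTAL_BUILD_VERSION") or info["VERSION"]
    return build_key(device_build) < build_key(min_build)

# Constructed MachineInfo body using the values from the post above; the
# MDM_CAN_REQUEST_SOFTWARE_UPDATE value is assumed for the example.
SAMPLE = plistlib.dumps({
    "MDM_CAN_REQUEST_SOFTWARE_UPDATE": True,
    "OS_VERSION": "17.0",
    "PRODUCT": "iPad12,1",
    "SUPPLEMENTAL_BUILD_VERSION": "21A5248v",
    "VERSION": "21A5248v",
})

if __name__ == "__main__":
    print(needs_update(SAMPLE, "17.1"))
    print(needs_update(SAMPLE, "17.0", "21A5300a"))  # constructed minimum build
```

SUPPLEMENTAL_OS_VERSION_EXTRA is not compared here; a malformed build string raises rather than being treated as compliant.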