Not sure if declarative management is enabled

Question

Created Oct ’23

Replies 2

Boosts 0

Participants 2

I am sending DeclarativeManagement with the MDM command, but it seems that it is not valid even if I send it to declaration-items What can you think of?

iOS 16

MDM Command

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Command</key>
<dict>
<key>Data</key>
<data>
eyJTeW5jVG9rZW5zIjp7IlRpbWVzdGFtcCI6IjIwMjMtMTAtMThUMTE6MDY6MDJaIiwi
RGVjbGFyYXRpb25zVG9rZW4iOiJiNjU0NDAyN2EzMTVjZDAwODVkNGNmMDgxNzQ2MjRj
MmQxNDI0NDQ4MDQzMGE4N2IxNzZhMjcyN2U3MzY2MDA5In19
</data>
<key>RequestType</key>
<string>DeclarativeManagement</string>
</dict>
<key>CommandUUID</key>
<string>3398d0c0-8b36-4647-86ab-6a63f26d1576</string>
<key>UDID</key>
<string>XXXXXXX-ZZZZZZZZZZZZZz</string>
</dict>
</plist>

declaration-items Rersponse(json)

{
  "DeclarationsToken": "1429e356-c51a-42a3-aff2-22963df30202",
  "Declarations": {
    "Assets": [

    ],
    "Management": [
      {
        "Type": "com.apple.management.organization-info",
        "Identifier": "e07d18d6-4ec6-432a-b474-9b8816d029a2",
        "ServerToken": "4922d69c-c231-426d-9598-c3acb612069e",
        "Payload": {
          "Email": "email@example.com",
          "Name": "Acme Inc",
          "URL": "https://www.example.com"
        }
      }
    ],
    "Configurations": [
      {
        "Type": "com.apple.configuration.legacy",
        "Identifier": "84fe24b1-ac21-4a29-b279-70f715b3ac82",
        "ServerToken": "0283b145-5791-4d7a-8a8e-7690e3a6db98",
        "Payload": {
          "ProfileURL": "https://gist.githubusercontent.com/jessepeterson/5a633f627bfc23f74153add89aee07f1/raw/f27458e05fd01b8ff9e7872a54aa2d543131afaa/cert-profile.mobileconfig"
        }
      },
      {
        "Type": "com.apple.configuration.passcode.settings",
        "Identifier": "1f0ce810-6c6b-4021-86ae-2844396e58f8",
        "ServerToken": "791e16ff-2011-4468-a201-de531d0c2326",
        "Payload": {
          "RequirePasscode": true,
          "RequireComplexPasscode": false,
          "RequireAlphanumericPasscode": false
        }
      },
      {
        "Type": "com.apple.configuration.management.status-subscriptions",
        "Identifier": "004b8c95-3500-4ac8-9480-54311a462929",
        "ServerToken": "888a4935-ef8d-4286-8c39-776fd8675f57",
        "Payload": {
          "StatusItems": [
            {
              "Name": "device.identifier.serial-number"
            },
            {
              "Name": "device.identifier.udid"
            },
            {
              "Name": "device.model.family"
            },
            {
              "Name": "device.model.identifier"
            },
            {
              "Name": "device.model.marketing-name"
            },
            {
              "Name": "device.operating-system.build-version"
            },
            {
              "Name": "device.operating-system.family"
            },
            {
              "Name": "device.operating-system.marketing-name"
            },
            {
              "Name": "device.operating-system.supplemental.build-version"
            },
            {
              "Name": "device.operating-system.supplemental.extra-version"
            },
            {
              "Name": "device.operating-system.version"
            },
            {
              "Name": "mdm.app"
            },
            {
              "Name": "passcode.is-compliant"
            },
            {
              "Name": "passcode.is-present"
            },
            {
              "Name": "test.array-value"
            },
            {
              "Name": "test.boolean-value"
            },
            {
              "Name": "test.dictionary-value"
            },
            {
              "Name": "test.error-value"
            },
            {
              "Name": "test.integer-value"
            },
            {
              "Name": "test.real-value"
            },
            {
              "Name": "test.string-value"
            }
          ]
        }
      }
    ],
    "Activations": [
      {
        "Type": "com.apple.activation.simple",
        "Identifier": "90cb68bc-c37d-40cc-8cef-b462947329b2",
        "ServerToken": "26985dc4-b0a0-43ef-afae-6ad3e89d5b9d",
        "Payload": {
          "StandardConfigurations": [
            "e07d18d6-4ec6-432a-b474-9b8816d029a2",
            "84fe24b1-ac21-4a29-b279-70f715b3ac82",
            "1f0ce810-6c6b-4021-86ae-2844396e58f8",
            "004b8c95-3500-4ac8-9480-54311a462929"
          ]
        }
      }
    ]
  }
}

Answered by Device Management Engineer in 768993022

The declaration items response is wrong. That response is only a "manifest" of the declarations. The manifest is just lists of declaration Identifier and ServerToken values. The device then uses that to determine which declarations actually need to be fetched (ones that are new or updated), and there are separate individual requests to fetch each of those.

{
  "Declarations": {
    "Activations": [
      {
        "Identifier": "9FB8AB00-87D3-402E-A78A-E1BCD6C3C4A1",
        "ServerToken": "5DDAF91B-5EE5-48AC-97B7-BEC1B5DFAD50"
      },
      {
        "Identifier": "33704A61-B8C3-45DD-800B-4BB6CB1B5D2B",
        "ServerToken": "47E8014F-B498-4563-A453-F14A3C91E4DD"
      }
    ],
    "Configurations": [
      {
        "Identifier": "A4B9AC6A-2091-4697-B688-366F5C0A96A2",
        "ServerToken": "D4870F36-BD74-4C2A-BF40-FFFF1DE41B0A"
      },
      {
        "Identifier": "3FC3C4CD-FF0E-437B-88B7-5A112E956302",
        "ServerToken": "D9B9FC7A-FFC5-4FCB-8B5A-86F12E5202CC"
      }
    ],
    "Assets": [],
    "Management": [
      {
        "Identifier": "09284283-AE6E-4AA7-8363-6DF6A1CD9E9C",
        "ServerToken": "1b32bedcaa52c1561367cd2b0a5bba0d2f20bd059ba70a0517495efb73aff926"
      },
      {
        "Identifier": "DDAE7DB0-476F-4783-AA07-9DE4717B1EB9",
        "ServerToken": "c2727e88b1b544704789a9bdefcd6d5b5cfcea57ca4bf82d786232e79a94c511"
      }
    ]
  },
  "DeclarationsToken": "6659eaeff527d3677b0d27c40de51e2d9831eaf395a8fad90049b9a97b70da96"
}

Boost

Answer 1

Device Management Engineer OP

Apple

Oct ’23

Accepted Answer

The declaration items response is wrong. That response is only a "manifest" of the declarations. The manifest is just lists of declaration Identifier and ServerToken values. The device then uses that to determine which declarations actually need to be fetched (ones that are new or updated), and there are separate individual requests to fetch each of those.

{
  "Declarations": {
    "Activations": [
      {
        "Identifier": "9FB8AB00-87D3-402E-A78A-E1BCD6C3C4A1",
        "ServerToken": "5DDAF91B-5EE5-48AC-97B7-BEC1B5DFAD50"
      },
      {
        "Identifier": "33704A61-B8C3-45DD-800B-4BB6CB1B5D2B",
        "ServerToken": "47E8014F-B498-4563-A453-F14A3C91E4DD"
      }
    ],
    "Configurations": [
      {
        "Identifier": "A4B9AC6A-2091-4697-B688-366F5C0A96A2",
        "ServerToken": "D4870F36-BD74-4C2A-BF40-FFFF1DE41B0A"
      },
      {
        "Identifier": "3FC3C4CD-FF0E-437B-88B7-5A112E956302",
        "ServerToken": "D9B9FC7A-FFC5-4FCB-8B5A-86F12E5202CC"
      }
    ],
    "Assets": [],
    "Management": [
      {
        "Identifier": "09284283-AE6E-4AA7-8363-6DF6A1CD9E9C",
        "ServerToken": "1b32bedcaa52c1561367cd2b0a5bba0d2f20bd059ba70a0517495efb73aff926"
      },
      {
        "Identifier": "DDAE7DB0-476F-4783-AA07-9DE4717B1EB9",
        "ServerToken": "c2727e88b1b544704789a9bdefcd6d5b5cfcea57ca4bf82d786232e79a94c511"
      }
    ]
  },
  "DeclarationsToken": "6659eaeff527d3677b0d27c40de51e2d9831eaf395a8fad90049b9a97b70da96"
}

0

Answer 2

shigeharu_matsumoto OP

Oct ’23

I see, declaration-items only needs to return a set of Identifier and ServerToken, and then sends a payload for each requested parameter. I will check it.

0