Hello Apple Community,
Issue encountered during the installation of an app via DDM (Declarative Device Management) on iOS 17.3 devices.
When applying an app configuration and managed app list status event through declarative management, the configuration is successfully applied, but the configured app is not being installed on the device. Upon closer inspection, we have identified that the error "ManagedAppDistribution.ManagedAppDistributionError" is being logged during this process.
My Configuration:
{
"Type": "com.apple.configuration.app.managed",
"Identifier": "com.mdm.1740e623-4361-498d-af02-b433500d58bd.ManagedAppDDM",
"ServerToken": "1706282674113",
"Payload": {
"AppStoreID": "361309726",
"InstallBehavior": {
"License": {
"VPPType": "Device"
},
"Install": "Required"
}
}
}
{
"Type": "com.apple.configuration.management.status-subscriptions",
"Identifier": "com.mdm.9c70c80f-406a-425a-8829-1025652f05c6.ManagedAppListStatus",
"ServerToken": "1706282673976",
"Payload": {
"StatusItems": [
{
"Name": "app.managed.list"
},
{
"Name": "mdm.app"
},
{
...
}
]
}
}
DDM Response:
{
"StatusItems": {
"management": {
"declarations": {
"activations": [
{
"active": true,
"identifier": "DEFAULT_ACT_0",
"valid": "valid",
"server-token": "1706282674113"
}
],
"configurations": [
{
"active": true,
"identifier": "DEFAULT_STATUS_CONFIG_0",
"valid": "valid",
"server-token": "3"
},
{
"active": true,
"identifier": "com.mdm.1740e623-4361-498d-af02-b433500d58bd.ManagedAppDDM",
"valid": "valid",
"server-token": "1706282674113"
},
{
"active": true,
"identifier": "com.mdm.9c70c80f-406a-425a-8829-1025652f05c6.ManagedAppListStatus",
"valid": "valid",
"server-token": "1706282673976"
}
],
"assets": [],
"management": []
}
}
},
"Errors": [
{
"Reasons": [
{
"Code": "ManagedAppDistribution.ManagedAppDistributionError.0",
"Description": "The operation couldn’t be completed. (ManagedAppDistribution.ManagedAppDistributionError error 0.)"
}
],
"StatusItem": "app.managed.list"
}
]
}
Note : The ManagedAppDistribution framework extension appears to not be implemented in this context.
Kindly help us with this issue. Thanks in advance.
Device Management
RSS for tagAllow administrators to securely and remotely configure enrolled devices using Device Management.
Post
Replies
Boosts
Views
Activity
Please tell me about the NotNow status returned by the MDM command for Apple devices.
◾️I would like to check
I am aware that there are some MDM commands that return a status NotNow when the device is locked and the command cannot be executed.
I am aware of InstallProfileCommand and SecurityInfoCommand.
https://developer.apple.com/documentation/devicemanagement/installprofilecommand
https://developer.apple.com/documentation/devicemanagement/securityinfocommand
Please answer the following two questions.
◾️Question
I would appreciate an answer with the official name of the command and the URL of the command's reference, if possible.
Question 1
Please tell us if there are commands other than InstallProfileCommand and SecurityInfoCommand that return status NotNow because the command cannot be executed if the terminal is locked.
Question 2
Please tell us if any of the following commands return the status NotNow because the command cannot be executed if the terminal is locked.
DeviceConfiguredCommand
AvailableOSUpdatesCommand
ScheduleOSUpdateCommand
OSUpdateStatusCommand
Hello, Dear Engineers
I have distributed a management profile from Aplle Configurator to my terminal with reference to the following document
https://developer.apple.com/documentation/devicemanagement/cellularprivatenetwork
Situation:
We tested the device in an environment where both Wi-Fi and cellular connections were available,
Wi-Fi seemed to have priority in the operation.
This is because CellularDataPreferred, which is set in the distributed management profile, is enabled,
I would like cellular to be given priority.
I am using iPhone 15 (iOS 17.1.2).
Question:
・Is there anything else missing besides the Profile Example to make CellularPrivateNetwork's Device Management Profile work properly?
・Has anyone confirmed that CellularPrivateNetwork's Device Management Profile works correctly?
BestRegards
hi!
https://developer.apple.com/documentation/devicemanagement/applayervpn
I have a question about AssociatedDomains in the AppLayerVPN reference above.
From the description, I believe that this property triggers the VPN when the app is launched with a universal link and connects to the domain specified in AssociatedDomains.
Is that correct in your understanding?
I specified "twitter.com" as a test, and the VPN was not triggered when the universal link was executed from safari, etc.
How can I make a VPN connection with the domain connection specified in the AssociatedDomains property?
If you could please let us know with some real life examples.
I will pass on your thanks in advance.
Thanks.
Push notification for PWA app is supported on iOS >= 16.4.
I want to restrict app usage using Restriction payload of configuration profile. Formerly we could it by defining a restriction like this. (actually via MDM)
<key>whitelistedAppBundleIDs</key>
<array>
<string>com.apple.webapp</string>
</array>
However on iOS >= 17.0, the notification setting of the PWA app is disappeared!!
Without the restriction payload, or with the restriction payload without whitelistedAppBundleIDs, the notification setting for the PWA app is shown as expected.
Also we discovered that the issue can be avoided by adding com.apple.WebKit.PushBundle.xxxxxx into the restriction payload.
<key>whitelistedAppBundleIDs</key>
<array>
<string>com.apple.webapp</string>
<string>com.apple.WebKit.PushBundle.7880D99FB56F4FF7B5DC019E0EDBCBD0</string>
</array>
com.apple.WebKit.PushBundle.7880D99FB56F4FF7B5DC019E0EDBCBD0 can be found with console log using Apple Configurator.
However it cannot be found via MDM command (ex. InstalledApplicationList). We want to configure and install the restriction payload into multiple devices via MDM.
So how can we know the com.apple.WebKit.PushBundle.xxxxxx via MDM? or how can we enable push notification settings for PWA apps with restriction payload?
Thank you
I'm encountering a strange issue with PPPC configuration files and app visibility in Security & Privacy for standard users on the latest macOS version.
The Scenario:
I created a PPPC file granting accessibility and screen recording permissions for my app.
I deployed the PPPC file to devices using MDM.
Surprisingly, the app doesn't appear under Security & Privacy > Privacy > Screen Recording or Accessibility for standard users.
However, if I remove the PPPC file, the app instantly shows up in those locations.
What I've Tried:
Double-checked the PPPC file syntax and permissions configuration.
Redeployed the PPPC file and verified successful installation on devices.
Restarted devices and re-registered the MDM profile.
The Impact:
This issue prevents standard users from granting my app the necessary permissions through the standard system interface. They require admin intervention to grant permissions manually, which is inconvenient and not ideal for our workflow.
Seeking Help:
I'm reaching out to the community for any insights or suggestions on resolving this issue. Has anyone encountered a similar problem with PPPC files and standard user permissions? Any advice or potential solutions would be greatly appreciated!
I tried the new feature of iOS 17.2 com.apple.configuration.app.managed
A configuration and its activation are defined with the data like this.
{
"Identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
"Type": "com.apple.configuration.app.managed",
"Payload": {
"InstallBehavior": {
"Install": "Required",
"License": {
"VPPType": "Device"
}
},
"BundleID": "com.microsoft.Office.Powerpoint"
},
"ServerToken": "..."
}
After distributing the configuration with DeclarativeDevicement MDM command, an error is notified via status channel app.managed.list.
{
"active": true,
"identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
"valid": "valid",
"server-token": "21b95e4cb0b616a3ac77a5905ed08756fa36f605ad1a30a9bd347a4a8092532c"
},
"app": {
"managed": {
"list": [
{
"state": "failed",
"declaration-identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
"identifier": "com.microsoft.Office.Powerpoint",
"name": "Microsoft PowerPoint",
"reasons": [
{
"code": "Error.LicenseNotFound"
}
]
},
After VPP license for the app is assigned, I tried to issue DeclarativeManagement command again.
However iOS device doesn't fetch the configuration because it is not changed. App installation is not retried even after the valid license is assigned.
How can we trigger the retrying installation?
Thank you
I want to control one iPhone from another iPhone remotely and both of the phones in different places. How to do that ?
Using Web Driver Agent how can we achieve this ?
We need to capture the frames as well every second like screenshots
We are facing issue SSO from some days its was working fine few days before.
In apple devices, we are facing issue that once user enters the username and password, it is asking again when user logs in.
All things were fine no changes in system only thing, this issue started happening for may be iOS 16 updated.
We have implemented SSO using Microsoft AD.
Things working for all other OS (Windows, Android) except iOS.
IMAP is again broken... this has happened with many prior iOS betas
Is there a way to check in code if a device is under Mobile Device Management? We want to show the users a different screen in the app if it is under device management. This is primarily for devices under Apple School Manager or something similar
I am experiencing issues when pushing the "WiFi Lock" profile via MDM or the "Join only Wi-Fi networks installed by a Wi-Fi payload'" Restriction via Apple configurator 2.
I am pushing a WiFi Authentication profile along side it which means that the wifi lock profile is suppose to force the device to only be able to connect to the wifi authentication profile that was pushed to the device via MDM.
However, what end up happening, the device "forgets" or does not recognize the pushed wifi auth profile that it has after device reboot. It ends up not showing any available wifi networks and wont allow the device to connect to wifi.
The only way i can fix it, is if i push the wifi authentication profile to the device again via cellular. It then remembers it and will connect. But as soon as the device reboots and sometimes it does not even need to reboot it will forget it.
What could be going on with this?
Hi Team, The User Enrollment introduced by Apple back was really great I was trying to test out that .As per the implementation details provided by apple for Simple Authentication - User Enrollment Flow.
Below are the steps I followed to implement it.
Step 1) Making a /.well-known/com.apple.remotemanagement url and sending a json as for byod which apple has detected successfully.
Step 2) Apple making a POST request to BaseServer URL of MDM to get enrollment profile ( At this Step as there is not Authorization header I sent a 401 with WWW-Authenticate header with scheme and url as mentioned by apple)
Step 3) Apple has requested With GET to get the html page to show to the user from the url mentioned in WWW-Authenticate header.
Step 4) Here there is a tweak the HTML page I actually shown doesn't contains any form as it is for testing purposes. I Simply had a button which upon clicking sends a POST to my url with empty JSON using axios library where from the server I sent a 308 redirect with Location header as mentioned by apple apple-remotemanagement-user-login://authentication-results?access-token=dXNlci1pZGVudGl0eQ
Where after I expect the ASWebAuthenticationSession to end and apple to start Second Enrollment attempt with acces token as Authorization Bearer token But the Screen showing the HTML page doesn't go away and neither apple started any steps to get the Enrollment profile from MDM server . Am I commiting any mistakes here.Could you please help on going with it.
Anyone know what the DeclarationType string values are for the Asset declarations?
UserIdentity asset defines the type as com.apple.asset.useridentity.
There is no such value for UserNameAndPasswordCredentials.
Has anyone been able to install this type of declaration?