I sent the description file through MDM in advance and configured the system extension and web content filter. When my code uses activationRequestForExtension:queue: to activate the system extension, other security app processes will be killed. I received the following message. May I ask why this may be? 2024-09-02 11:42:19.737229 (gui/501/killed_bundleid [679]) : exited due to SIGPIPE | sent by killed_app[679], ran for 301372ms 2024-09-02 11:42:19.737239 (gui/501/killed_bundleid [679]) : service state: exited 2024-09-02 11:42:19.737245 (gui/501/killed_bundleid [679]) : internal event: EXITED, code = 0 2024-09-02 11:42:19.737247 (gui/501/killed_bundleid [679] ]) : job state = exited 2024-09-02 11:42:19.737274 (gui/501 [100003]) : service inactive: killed_bundleid 2024-09-02 11:42:19.737277 (gui/501/killed_bundleid [679]) : service state: not running 2024-09-02 11:42:19.737282 (pid/679 [killed_app]) : shutting down 2024-09-02 11:42:19.737310 (pid/679 [killed_app]) : cleaning up

Hi, Team: Is there any difference in the underlying logic between starting the network filter by configuring the MDM description file through the first connection below and starting the network filter through the second connection in the code? First connection：https://developer.apple.com/documentation/devicemanagement/webcontentfilter?language=objc Second connection： https://developer.apple.com/documentation/networkextension/nefiltermanager?language=objc

I am experiencing issues when pushing the "WiFi Lock" profile via MDM or the "Join only Wi-Fi networks installed by a Wi-Fi payload'" Restriction via Apple configurator 2. I am pushing a WiFi Authentication profile along side it which means that the wifi lock profile is suppose to force the device to only be able to connect to the wifi authentication profile that was pushed to the device via MDM. However, what end up happening, the device "forgets" or does not recognize the pushed wifi auth profile that it has after device reboot. It ends up not showing any available wifi networks and wont allow the device to connect to wifi. The only way i can fix it, is if i push the wifi authentication profile to the device again via cellular. It then remembers it and will connect. But as soon as the device reboots and sometimes it does not even need to reboot it will forget it. What could be going on with this?

Hi all, We've been given the opportunity to beta test an app at my school and we have been asked to download the Test Flight app to enable it to run. Unfortunately it's not possible to use Test Flight with a managed Apple ID. All our staff and pupils' iPads are signed in with a managed Apple ID. It's a shame to pass up this opportunity, but I can't see any way around it... does anyone have any alternatives (apart from creating and using a non-managed Apple ID, which isn't feasible). Thanks in advance, Jacob

When I trusted my certificate in 'Setting'->'VPN & Device Management', my device reboot automatically. After reboot, it showed that "developer of My Team is not trusted in this iPhone", but the app is "verified" in the second column. The UI looks like: iOS18 beta: First Col: Trust "My Team" Second Col: MyApp Verified Other versions: First Col: Delete App Second Col: MyApp Verified What's more, my app has plugins(extensions), my app can run normally while the extension is not able to be pulled up on iOS18 beta.

Hi,Team: I successfully installed the system extension through MDM and want to uninstall it through RemovableSystemExtensions, but this command does not support versions below macOS 12. Is there any other way to pause or uninstall the system extension? Can I delete the configuration file that allows system extensions through MDM? Or send and delete the configuration file of AllowedSystemExtensions?

Hi, Team: I developed a network filter and used MDM to issue a description file. By configuring AllowedSystemExtensions, I can avoid the reminder of loading system extensions during installation. However, when savingToPreferencesWithCompletionHandler, I will still be reminded that my network data is monitored. How can I configure MDM to avoid this reminder? And why can I still delete the filter from the network filter conditions even though I configured it in mobileconfig in the following way. NonRemovableFromUISystemExtensions com.mysystemextensionid

Hi, I am using the Create Report functions under Payments and Financial Reports. Does anyone know what is the time zone that Apple use for that report?

Hello, I have received Enterprise.license from Apple and I am trying to implement main Camera access for Vision Pro by following https://developer.apple.com/videos/play/wwdc2024/10139/. Here is my camera function. func takePicture() async { let formats = CameraVideoFormat.supportedVideoFormats(for: .main, cameraPositions:[.left]) let cameraFrameProvider = CameraFrameProvider() var arKitSession = ARKitSession() var pixelBuffer: CVPixelBuffer? await arKitSession.queryAuthorization(for: [.cameraAccess]) do { try await arKitSession.run([cameraFrameProvider]) } catch { return } guard let cameraFrameUpdates = cameraFrameProvider.cameraFrameUpdates(for: formats[0]) else { return } for await cameraFrame in cameraFrameUpdates { guard let mainCameraSample = cameraFrame.sample(for: .left) else { continue } pixelBuffer = mainCameraSample.pixelBuffer let image = UIImage(ciImage: CIImage(cvPixelBuffer: pixelBuffer!)) print(image) UIImageWriteToSavedPhotosAlbum(image, nil, nil, nil) } } } My problem is debug stops at this line. guard let cameraFrameUpdates = cameraFrameProvider.cameraFrameUpdates(for: formats[0]) else { return } Why does it happen so and what else do I need to do?

The customer's ABM account has been locked，i can't get token with DEP Server Token.Is there any ways to release device from ABM with some api or softwares. I hope no remote management page during the activation process settings after i restore factory settings. Thanks in advance.

In MDM Software Update settings(https://developer.apple.com/documentation/devicemanagement/softwareupdate), there is a key "restrict-software-update-require-admin-to-install" which apparently controls if the standard users are allowed to install apps and software updates. But so far, even if this is set to true, a standard user is able to download apps from Appstore. We noticed that when we publish a pkg to be installed via MDM, then that does not get installed if the above setting is set to true. Please provide clarity on what this setting controls.

Is there any good framework that can be used in educational app as Learning Management System (LMS). Should be full fledge for creating courseware for E Learning App. Should be compatible with all Apple Platforms. Any help or link will be greatly appreciated. As I didn't found anything that mentions designed for Xcode. All LMS belong to Web based apps.

In the latest macOS 15 system, we've noted that end users have the capability to disable and prevent the launch of system extensions via system settings. I'm curious to know whether Apple plans to offer MDM configurations to deter end users from performing such actions.

We have encountered an issue while developing our own Apple MDM solution. The issue occurs in the activation lock scenario. We have implemented the activation and deactivation of the activation lock feature in accordance with the following documentation. 1:https://developer.apple.com/documentation/devicemanagement/activation_lock_a_device 2:https://developer.apple.com/documentation/devicemanagement/device_assignment/activation_lock_a_device/creating_and_using_bypass_codes#3734453 Activationlock Request URI : https://mdmenrollment.apple.com/device/activationlock Request Method : POST Request Headers : [Accept:"text/plain, application/json, application/*+json, /", X-ADM-Auth-Session:"1723449441118O1O649496FAD285FDC77565EC075E770547O90695212BB76419F8E43B2F68BE7A6C6O67033512O11Op1OA0EA85747E70D2D6941C4F6662166CAF22C2193COC298C61ECC7B9E9C14EB2A20305F7E41", X-Server-Protocol-Version:"3", Content-Type:"application/json", Content-Length:"133"] Request Body : {"device":"K2LP4HQXJ4","escrow_key":"QRV7D-JPPMQ-Z90N-1VN8-L1PN-45Q2","lost_message":"xxxxx"} Response : {"serial_number":"K2LP4HQXJ4","response_status":"SUCCESS"} escrowKeyUnlock Request URI : https://deviceservices-external.apple.com/deviceservicesworkers/escrowKeyUnlock?serial=K2LP4HQXJ4&imei=357174298879232&meid=35717429887923&productType=iPhone14,2 Request Method : POST Request Headers : [Accept:"text/plain, application/json, application/*+json, /", Content-Type:"application/x-www-form-urlencoded", Content-Length:"189"] Request Body : orgName=xxxxx&guid=xxxxx&escrowKey=QRV7D-JPPMQ-Z90N-1VN8-L1PN-45Q2 Response : 404 <ns:escrowKeyDeviceServicesResponse version="1" xmlns:ns="http://www.apple.com/cds/mdmescrowKeyDeviceServices/xml"></ns:escrowKeyDeviceServicesResponse> Who can help me check if there are any errors in the way I'm calling these two APIs, and how to correct them?

I use then interface https://developer.apple.com/documentation/devicemanagement/device_assignment/activation_lock_a_device/creating_and_using_bypass_codes#3734453 to remove Activation Lock。 request url：https://deviceservices-external.apple.com/deviceservicesworkers/escrowKeyUnlock?serial=***&productType=***&imei=***&meid=*** then body is escrowKey、orgName、guid and use APNs certificate when establishing the SSL connection but return me：<ns:escrowKeyDeviceServicesResponse version="1" xmlns:ns="http://www.apple.com/cds/mdmescrowKeyDeviceServices/xml"></ns:escrowKeyDeviceServicesResponse>

Hi. I'm trying to use the following command to set a wallpaper on an iPhone : /usr/local/bin/cfgutil -K "/Users/ladmin/Downloads/privateKey.der" -C "/Users/ladmin/Downloads/publicCert.der" --ecid 0xE64120151001E set-wallpaper -s home "/Users/ladmin/Downloads/mickey-iPhone-12-Pro-12-wallpaper.png" The answer is always : --- Summary --- Operation "set-wallpaper" failed on 1 devices. cfgutil: error: An internal error occurred. Unknown service request error. (Domain: ConfigurationUtilityKit.error Code: 100) The same type of command works with an iPad. Apple Configurator 2 can set the wallpaper on the iPhone. Is there something different to do with cfgutil when setting a wallpaper on an iPhone ? Thanks for your insights ! Franck

Currently system extension need to be activate through an .app, and then need to manual allow in System Settings, Privacy and Security Pane with root user password How to install driver extension/system extension without any manual user click and just to install and allow all the permission using script?

I would like to inquire if I can use screenshots from maps for specific areas in my application. I plan to add various markers to the screenshots, which can be clicked to identify different types of areas, such as restaurants and bars. Do I need a separate permission for this, and if so, where can I obtain it? Is it possible to implement this, and what copyright considerations do I need to take into account for my business idea?

The Check-in API is now used for declarative device management in addition to MDM authentication and token updates. We would like to set a different endpoint for DDM requests only than for MDM authentication So is it possible to configure different Check-in API endpoint for MDM and DDM? For example, we would like to split the endpoints as follows Endpoints for MDM authentication and token update yourmdmhost.example.com/checkin Endpoint for DDM yourmdmhost.example.com/ddm-chcekin Check-in API Documentation https://developer.apple.com/documentation/devicemanagement/check-in

Yesterday, OpenSSH disclosed a critical RCE vulnerability that affects all instances of OpenSSH and released a patch to fix this vulnerability. As a result, do we have any official word from Apple as to when this vulnerability will be fixed? This weakness exposes every macOS device without a strict firewall configured. Reading Link: https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html