Hi Team, We are planning to automate ABM export. We dont want to download export which contains device inventory for example, S/N, IMEI, Reseller ID, etc. Is there any way to automate it or has Apple made their APIs available? Any help would be appreciated. Regards!

Hi, My employer has Apple developer account and they want to distribute the application through Microsoft Intune for employees only. However when I checked the MS Intune distribution documentation they have mentioned we should have Apple Enterprise account and distribute the app as In house/ Ad hoc app. To distribute the app through Intune we need to use their wrapping tools which needs IPA generated through enterprise certificate and profile. Employer also has Apple Business Manager account and as per Apple documentation we can distribute the app in organization through ABM. Its really confusing to finalize which path to follow. I need your help to guide me in right direction.

When making a GET request to the ABM Account API at https://mdmenrollment.apple.com/account, we receive a response that includes an org_email field. However, we’ve noticed that the value of org_email varies. Sometimes it corresponds to an account with the role of Administrator, while other times it comes from account with roles Device Enrolment Manager, Content Manager and People Manager. We seek clarification on the following points: Which roles determine the org_email sent in the response? Is the org_email coming in API response always same or does it change when we hit the APIs in multiple times. org_email in this response: https://developer.apple.com/documentation/devicemanagement/accountdetail

Im experiencing an error code 12026 when trying to install an app with iTunes Store ID 1163307568 and has tried various solutions but is still unable to install the app. Tried revoking the licenses and pushing the apps again but the error prompt persists. We have also tried syncing VPP, checking the app license, and purchasing a mild surplus, but still getting the error.

We are trying to develop an app with AppClip functionality because we believe that launching an app with AppClip as the driving force is very good. Since it will be an app for employees, we plan to distribute it via MDM and links, so we will not publish it on the AppStore. I know you said in a past forum that you did not support AppClip 3 years ago, but I would like to know what the current status is. https://developer.apple.com/forums/thread/652854

Hello, I am having trouble distributing the internal app to the Apple Business Manager via the AppStore private distribution. == Steps to reproduce == Create a new app on AppStore Connect Set it as a private distribution and specify the organisation ID Submit the build to the review The app review is approved and "Ready to Distribute" On the distribution tab, it says "This app was removed from sale from the App Store. Go to Pricing and Availability to add it back to the App Store." Sign-in to the Apple Business Manager Enable the custom app in the Apple Business Manager settings Expected: 7-A. The app is listed under the Custom App Observed: 7-B. There is no app listed under the Custom App section == Questions == Is there any other steps for the successful private distribution? Does the organisation receive any email from the App Store Connect to accept the private distirubion? Is there any way to see the status of the custom app from the developer? Is there any Apple support contact I can confirm the status of the app? Thank you for your help in advance!

We noticed that Apple Login fails if we try to login with Managed Apple ID on iOS 17.2 & 17.3 This issue could have been introduced in iOS 17 but we did not have iOS 17.0 or 17.1 to validate this. There are few prerequisites to this: Should be a supervised device. It can be enrolled in ABM or ASM. Apple ID should be Managed Apple ID Device should have a passcode policy Device should have “allowListedAppBundleIDs” added in the “com.apple.applicationaccess” payload If either of the above conditions are not met, then the issue does not happen. If the device is set up in the above way and we try to login with Managed Apple ID, then the login fails. Please refer the recording at this link: https://drive.google.com/file/d/1XG17loAuH_GB1IyGdwD8txjkHZWqGeD1/view?usp=drive_link We reproduced the issue three times and got the log files: Issue occurred at: 21st March 2024 at 19:54:58 IST a. Log file name: sysdiagnose_2024.03.21_19-55-26+0530_iPhone-OS_iPhone_21D50(07.54.58 pm).tar.gz b. Link: https://drive.google.com/file/d/1nk-cQPrVEZrAUgVmrxPCsSRDd4aNF8eK/view?usp=drive_link Issue occurred at: 21st March 2024 at 19:59:44 IST a. Log file name: sysdiagnose_2024.03.21_20-00-02+0530_iPhone-OS_iPhone_21D50(07.59.44 pm).tar.gz b. Link: https://drive.google.com/file/d/1VPcF77G2SK2c1rBK4S2GbLCAiQEeYPOB/view?usp=drive_link Issue occurred at: 21st March 2024 at 20:03:27 IST a. Log file name: sysdiagnose_2024.03.21_20-03-39+0530_iPhone-OS_iPhone_21D50(08.03.27 pm).tar.gz b. Link: https://drive.google.com/file/d/1zlLLMd0ugJoiZtmpWlarREFDl1vjZoWP/view?usp=drive_link During the above tests, this was the setup Passcode Policy: a. requireAlphanumeric: true b. minLength: 13 c. allowSimple: false allowListedAppBundleIDs: This can be anything but atleast one of them should be enabled. For example a. com.apple.AppStore b. com.apple.MobileAddressBook c. com.apple.calculator d. com.apple.camera e. com.apple.DocumentsApp f. com.apple.facetime What results I expected: The user should be able to login without an issue What results I actually saw: The user does not login We also created a ticket in Feedback assistant in March but haven't received any response: FB13694721

The customer is trying to enroll macOS devices to Hexode via Apple Business Manager (without reset). Upon running the command sudo profiles renew -type enrollment, he received the below error. Error: DEP enrollment failed: The cloud configuration server is unavailable. (MDMDeviceEnrollment:103) Upon running the command sudo profiles show -type enrollment in Terminal, he received the following output. Error fetching Device Enrollment configuration: (34006) Error Domain=MCCloudConfigurationErrorDomain Code=34006 "The cloud configuration server is unavailable." UserInfo={CloudConfigurationErrorType=CloudConfigurationFatalError, NSLocalizedDescription=The cloud configuration server is unavailable., NSUnderlyingError=0x6000012f0060 {Error Domain=com.apple.MobileActivation.ErrorDomain Code=-1 "Failed to create reference key." UserInfo={NSLocalizedDescription=Failed to create reference key., NSUnderlyingError=0x6000012f00c0 {Error Domain=com.apple.MobileActivation.ErrorDomain Code=-1 "Failed to create ref key." UserInfo={NSLocalizedDescription=Failed to create ref key., NSUnderlyingError=0x6000012f0150 {Error Domain=NSOSStatusErrorDomain Code=-25308 "failed to generate asymmetric keypair" (errKCInteractionNotAllowed / errSecInteractionNotAllowed:  / Interaction is not allowed with the Security Server.) UserInfo=0x6000009f0440 (not displayed)}}}}}} The device was assigned to the Hexnode server and listed in DEP devices in Hexnode. It seems to be an Intel device and we tried following troubleshooting steps. He said another user tried out the case and was encountering the same errors. He tried the following steps as part of troubleshooting. Installed pending OS updates Re-assigned device to Hexnode server Cleared NVRAM/PRAM Switched networks Turned off firewall and proxies on the device Re-assigned DEP configuration profile to devices Re-configured DEP and APNs Enrolling the device using the enrollment URL does work and he's able to deploy actions as well. He is willing to reset the device and check as well, but he has ~30 devices in ABM that are remote and in use. Since 2 devices encountered the case, he would like to know more about what happened.

We are working with MDM service using VPP API, and trying to migrate Legacy APIs to new App and Book Management APIs. This document says Send the public key you generate to your Apple contact in a plain-text file. Do not share the private key. Also provide a brief description of your use case and product. I generated a key-pair and sent the public key to Apple Developer Program support, however they didn't know how to handle it. What means "your Apple contact" here? I already understand how to generate JWT token for the api.ent.apple.com. I want to know who authorize the public key for the organization. Thank you,

Hi, I would like to introduce you to the problem of my client, who is probably one of the first Apple Business Manger users in Poland. The client created an ABM instance and verified it. He also created a second administrator account as recommended, and added the first device. The problem was that these accounts were accessed by one person who used Cyber Ark to save credentials. After saving the credentials for the administrator accounts, an error occurred with Cyber Ark and the passwords of these accounts were saved incorrectly. The customer has since lost access to the verified ABM instance with one device already added. Can you advise me on what to do in this situation? Can https://iforgot.apple.com/ help in any way here? Thanks a lot for all your help Best Regards, XVsorim

The wallet App on a managed business ID is currently not able to store credit cards or flight tickets. When can we expect to have this functionality? Is there a reason why it's not possible to store the cards at the moment?

Hello, We are experiencing intermittent tunnel communication failures in iOS devices following internal application updates or fresh installations. This issue occurs specifically with VMware Workspace ONE Advanced (includes AirWatch) - On Premise and Workspace ONE Tunnel. Our enterprise mobility management platform provides comprehensive tools for managing corporate-owned and BYOD devices across various operating systems. Detailed Information: Applications Involved: VMware Workspace ONE Advanced (On-Premise): Manages and secures devices and applications. Workspace ONE Tunnel: Enables per-app VPN services, routing traffic from specific managed applications through our VPN. Problem Context: After a recent update, and notably after introducing deeplinking capabilities which required making our public DNS changes to host the Apple-app-site-association file, iOS devices are not routing application traffic through the Workspace ONE Tunnel correctly. Instead, applications are bypassing VPN configurations and connecting directly to public networks, jeopardizing data security. This behavior is inconsistent and varies across devices. To illustrate, I have attached a diagram (Diagram 1) that shows the flow of traffic during the issue compared to normal operations. Timeline and Troubleshooting Steps Taken: Initial Report Date: February 2024, following the iOS update 17.3.1 and post-deeplinking modifications. VMware Involvement: Multiple troubleshooting sessions, including log analysis and configuration reviews. VMware indicated the issue might not be directly related to their platform as the tunnel functions normally post-device restart. Logs Reviewed: Application logs, network traces, and device management logs. No errors directly linked to VMware solutions were found. The logs showing the issue occurrence and after a device restart are included (see Logs Set A and Logs Set B). Additional Information: Devices Affected: Various iOS devices, total fleet approximately 1500 units. Inconsistencies: The issue manifests inconsistently across different organizational groups (OGs) and is not tied to a specific app version or device model. Developer Notes: The issue does not occur when applications are deployed via Xcode during testing phases. It only arises when apps are updated in a live environment. Request for Assistance: We request Apple’s assistance in investigating potential iOS-specific causes or configurations contributing to this issue, particularly in the context of the deeplinking changes. A joint troubleshooting session is proposed to further diagnose and address the problem. Prompt support in resolving this issue, given its impact on our operations, would be greatly appreciated. Attachments: Diagram 1&2: Traffic Routing During Issue vs. Normal Operation Diagram 3: Our App communications diagram Logs Set A: Device Logs When Issue Occurs Logs Set B: Device Logs After Restart (Set A) After restart - no issue .log https://drive.google.com/file/d/1Q2COgXkMa3KnN1N-ggZKwYhHP7KC-Hwy/view?usp=sharing (Set B) before restart.log https://drive.google.com/file/d/1uS9kAV6zJyRvVRQoWQNKdWBBR7sxM6Js/view?usp=sharing Any suggestions? Thank you!

Hello there! I'd like to know if it is possible to use Apple Business Manager API to create an automation for user creation, please. Thanks in advance.

Hi, We have our devices listed in Apple Business Manager but they are not enrolled in MDM. Some of the devices are locked in Activation Lock screen as employees logged in with their personal account . Since devices are company owned and already available in ABM is there any way to remove activation lock easily without providing proof of purchase to apple? In order to prevent devices getting into activation lock in future the only way is to Enroll the device in a MDM? Are there anyways to bypass activation lock if we are not using MDM

We created an app for iphone which includes a Watch app. The app works well during debugging, and also in TestFlight the Watch app installs nicely and does what it is supposed to do. However, when we make the app available through the Apple Business Manager (the app is for internal use by a company) the Iphone app downloads without problems, but the app for the Apple Watch does not work. When I go to the Watch app on my Iphone (where you can manage the apps on your Watch and so on) my app is listed, but when I press install I see a loader for a few seconds, then it stops but nothing else happens. So the code seems to be good, but after I download the app with a code through the Business Manager, then I cannot install the Watch version of the app.

Recently i created an ABM account and seemed to work fine. all of the sudden we cannot log in anymore and we get a notification that this apple ID is deactivated (but it is active). when i want to reset password, deactivate or delete this user in ABM, i get an INTERNAL_ERROR message with no further explination. i can delete and deactivate other users but not this one. The log file is not realy any use since it sais 'SUB_STATUS, COMLETED_WITH_FAILURE". Any idea how i can resolve this?

I've added my organization macbook air m2 2022 via apple configurator, however, the mac it not receiving the Remote Management prompt during setup. I've confirmed that the device in ABM is pointing to the connect server. Any ideas?

Hi all , We are planning to manage about 1 Million+ Apple devices of inclusive of both iPhone and Mac devices under a AxM Account. However while adding VPP Licenses for an App i'm prompted with below error: " You cannot order more than 100000 copies of same the free item per week" While our goal is to manage 1 Million devices under same Location token , i have below questions in mind 1 . What is the upper limit of number of Licenses that can be added per app in a Location token? Currently it says 1 Lakh Licenses per app per week . Wanted to know if there is any limit on this count as it shouldn't surprise us in upcoming weeks. 2 . How many Locations can be created in a AxM Account? Currently we created about 15 location to see if there are any limit but so far couldn't find any limit on number of locations that can be created. This limit could help us plan our deployment in advance 3 . What is the total number of licenses a VPP Location token can hold ? As we manage 1 Million Devices for 12 Apps , 1 Million x 12= 12 Million licenses would be transacted in this location token by our MDM Solution , is this okay or will there be any limitations in this count

The MAC device is a device that has been manually added to the Apple Business Manager. DEP profiles are normally installed in both iOS and iPadOS. Profile descript error occurs only when attempting DEP of MacOS. (If you look at the picture, a decryption error occurs in the remote device registration step.) I asked Apple's customer center about this problem,  and it is said that it is caused by the lack of a key called "automatic registration on the MDM server" The key cannot be found in the Apple official document related to the profile below. https://developer.apple.com/documentation/devicemanagement/mdm/ Information received during DEP enroll of Macmini using Apple silicon. {    'LANGUAGE': 'en_US',    'PRODUCT': 'Macmini 9,1',    'SERIAL': 'CXXXXXXXXXXV',    'UDID': '0XXXXX27-XXXX-XXXX-XXXX-XZXXXXXXXXX',    'VERSION': '21C52' } Information received during DEP enroll of iPAD {    'LANGUAGE': 'en_US',    'PRODUCT': 'iPad5,4',    'SERIAL': 'DXXXXXXXXXXQ',    'UDID': '9aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX6d',    'VERSION': '19C63' } Profile to be transmitted to the device (same as MacOS, iOS, IPadOS) {    'AccessRights': 8191,    'CheckInURL': 'https://apm.xxxxx.com/checkin',    'CheckOutWhenRemoved': True,    'IdentityCertificateUUID': '00000000-0000-0000-0000-000000000000',    'PayloadDescription': 'MDM Profile',    'PayloadDisplayName': 'MDM',    'PayloadIdentifier': 'com.xxxxx.xxxxxxx.mdm',    'PayloadOrganization': 'MDM provider',    'PayloadType': 'com.apple.mdm',    'PayloadUUID': '00000000-0000-0000-0000-000000000000',    'PayloadVersion': 1,    'PromptUserToAllowBootstrapTokenForAuthentication': True,   'ServerCapabilities': ['com.apple.mdm.per-user-connections','com.apple.mdm.bootstraptoken'],    'ServerURL': 'https://apm.xxxxx.com/server',    'SignMessage': False,    'Topic': 'com.apple.mgmt.External.206bfa63-f76a-4381-9e50-6f74241d14d9' }  Because it uses the same profile structure, it is not understood that iOS/iPadOS operates normally and errors occur only in MacOS. If there is anything that can help me, please let me know. Thank you.

Hello, The issues we previously identified still need your attention. If you have any questions, we are here to help. Reply to this message in App Store Connect and let us know. Review Environment Submission ID: 00fc9b08-3da8-4b89-8810-740174730062 Review date: April 21, 2024 Version reviewed: 1.0 Guideline 3.2.1 - Business - Other Business Model Issues - Acceptable Your app provides financial services but does not meet all the requirements for apps providing these services. Specifically: The app must be published under a seller and company name that is associated with the organization or company providing the services. In this case, your app must be published under a seller name and company name that reflects the Askmefund name. The account that submits the app must be enrolled in the Apple Developer Program as an organization, and not as an individual. These requirements give App Store users confidence that apps offering financial services are qualified to provide these services and will responsibly manage their data. Please provide ownership documentation or modify the vendor seller name. Please Help me.