Apple Business Manager

RSS for tag

Offer custom apps to organizations. Manage your organization's devices, apps, and accounts.

Posts under Apple Business Manager tag

86 Posts
Sort by:






iOS 14: Several MDM commands fails with error "Couldn’t communicate with a helper application"
With iOS 14 devices we can see that Many MDM Commands Fails with error " Couldn’t communicate with a helper application." . This Error is more frequent in InstallApplication , InstallProfile command , but other MDM commads also face the same issue. I have attach sample response from some devices. We have seen this error in previous version of iOS but with iOS 14 these are very frequent. InstallApplication Errors <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Collection=51075000000853127</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>1005</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>Could not install app.</string> </dict> <dict> <key>ErrorCode</key> <integer>4097</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDID-UDID</string> </dict> </plist> <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Collection=33783000002227119</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>4099</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDIDUDIDUDID</string> </dict> </plist> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallApplication;Collection=51075000000853127</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>1005</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>Could not install app.</string> </dict> <dict> <key>ErrorCode</key> <integer>4097</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDID-UDID</string> </dict> </plist> InstallProfile Errors <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>SingletonRestriction</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>4099</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDIDUDID</string> </dict> </plist> AvailableOSUpdate Error <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>AvailableOSUpdates</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>12050</integer> <key>ErrorDomain</key> <string>MCMDMErrorDomain</string> <key>LocalizedDescription</key> <string>The attempt to check for an available update failed.</string> <key>USEnglishDescription</key> <string>The attempt to check for an available update failed.</string> </dict> <dict> <key>ErrorCode</key> <integer>2214</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>Scan failed.</string> </dict> <dict> <key>ErrorCode</key> <integer>4097</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDIDUDIDUDID</string> </dict> </plist> ClearPasscode <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>ClearPasscode</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>701</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>The device’s passcode cannot be cleared.</string> </dict> <dict> <key>ErrorCode</key> <integer>4097</integer> <key>ErrorDomain</key> <string>NSCocoaErrorDomain</string> <key>LocalizedDescription</key> <string>Couldn’t communicate with a helper application.</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>UDIDUDIDUDID</string> </dict> </plist>
Aug ’23
The "unable to encrypted profile" error occurs only at the time of Mac DEP registration.
MacOS ver. Monterey 12.1 A device management profile is transmitted to the device with reference to the above link. Both iOS and iPadOS devices operate normally in general enroll and DEP enroll. In MacOS, Enroll operates normally in Userchannels. This time, I purchased a MacMini device equipped with Apple Silicon and tried to test DEP registration, but an error occurs as follows. "unable to decrypt encrypted profile" Should Mac's DEP registration use a different payload profile method? Let me know if you know something to refer to. thank you.
Aug ’23
Inquiry about the failure to decrypt the profile when registering the DEP of MacOS.
The MAC device is a device that has been manually added to the Apple Business Manager. DEP profiles are normally installed in both iOS and iPadOS. Profile descript error occurs only when attempting DEP of MacOS. (If you look at the picture, a decryption error occurs in the remote device registration step.) I asked Apple's customer center about this problem,  and it is said that it is caused by the lack of a key called "automatic registration on the MDM server" The key cannot be found in the Apple official document related to the profile below. Information received during DEP enroll of Macmini using Apple silicon. {    'LANGUAGE': 'en_US',    'PRODUCT': 'Macmini 9,1',    'SERIAL': 'CXXXXXXXXXXV',    'UDID': '0XXXXX27-XXXX-XXXX-XXXX-XZXXXXXXXXX',    'VERSION': '21C52' } Information received during DEP enroll of iPAD {    'LANGUAGE': 'en_US',    'PRODUCT': 'iPad5,4',    'SERIAL': 'DXXXXXXXXXXQ',    'UDID': '9aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX6d',    'VERSION': '19C63' } Profile to be transmitted to the device (same as MacOS, iOS, IPadOS) {    'AccessRights': 8191,    'CheckInURL': '',    'CheckOutWhenRemoved': True,    'IdentityCertificateUUID': '00000000-0000-0000-0000-000000000000',    'PayloadDescription': 'MDM Profile',    'PayloadDisplayName': 'MDM',    'PayloadIdentifier': 'com.xxxxx.xxxxxxx.mdm',    'PayloadOrganization': 'MDM provider',    'PayloadType': '',    'PayloadUUID': '00000000-0000-0000-0000-000000000000',    'PayloadVersion': 1,    'PromptUserToAllowBootstrapTokenForAuthentication': True,   'ServerCapabilities': ['',''],    'ServerURL': '',    'SignMessage': False,    'Topic': '' }  Because it uses the same profile structure, it is not understood that iOS/iPadOS operates normally and errors occur only in MacOS. If there is anything that can help me, please let me know. Thank you.
May ’24
Webclip icon cannot be deleted
The iphone info: OsVersion: iOS 15 Device model: iphone 12 Steps: Install the MDM profile on the iphone. The server pushes the command to install the webclip profile through MDM (the profile is set to not be manually removable). After installing the webclip profile, the webclip icon will appear on the Home Screen of the phone screen. When the webclip is no longer used, remove the webclip profile through MDM. The problem occurs in step 4, the webclip profile is deleted, but the webclip icon still exists on the home screen of the mobile phone, and cannot be removed by tools such as Apple Configurator2. So what causes this phenomenon and how to fix?
Oct ’23
Apple Business Manager Azure app stopped syncing
Since a few days my Apple Business Manager Enterprise App in Azure was quarantined. I had no configuration changes, it just suddenly stopped. I have two groups which contain the users I want to sync. It seems it cannot use groups at all anymore. If I assign users directly it will work. But that's very inconvenient for us. Was there any change lately to explain why this does not work anymore? Group User
Jul ’23
Does the user have to enroll own devices in MDM to download custom apps with redemption code?
I know that I can get multiple redemption codes from Apple Business Manager, let users download custom apps using redemption codes, and there are region restrictions. Does the user have to enroll own devices in MDM to download custom apps with redemption code? Because users are not necessarily full-time employees of the company, they may also be short-term partners who use their own devices.
Jul ’23
If user downloads a custom app to their own device using redemption code, is there a way to force remove it from the App Store purchased list?
We plan to get some redemption codes from ABM to our partners to download custom apps, and they will use their own devices. But there is a problem, if they are not involved in this business anymore. If user downloads a custom app to their own device using redemption code, is there a way to force remove it from the App Store purchased list? Is there a way to force remove it from the App Store purchased list? Or can only add permission verification to the application?
Jan ’24
Apple do not received refund from my bank and not answer to requests
Hello everyone, Back on March 2023, Apple made the payout to our Wise bank account, however by some internal reason we decided to return this payment back to Apple and send it to another bank account and this was the biggest mistake I've ever made So, when Wise received funds we clicked on "cancel" and send it back to the sender. We expected that funds would return to Apple within 3-4 working days, but more than 5 months passed and Apple still can't find this money. And the weirdest thing is that Apple does not answer my emails. Does anyone know what to do in this case? What I've already tried: Write to Apple email support inside of the Apple dev account (more than 50 emails are sent and no reply) Called Apple global phone support (they can't help) Called Apple UK finance support (after several questions about my money and where are they the representative simply dropped the phone (Can't share how I was shocked didn't expect that this is possible when your working with Apple)) Wrote an email to Wise (and they gave all confirmations that they refunded money back to the sender) Wrote an email to db (the bank that Apple is using)(But they answered that they are not going to help) Long story short Apple do not want to send me my 57k EUR because they can't and do not want to find them... For Apple representatives that want to help please reply to email - Payments and Financial Reports (89JF8QQ45W); Case-ID: 1998672
Jul ’23
Federated authentication of google workspace with apple business manager
Hi Team, I am testing federated authentication of Google Workspace with Apple Business Manager (ABM). After successfully configuring the Google Workspace domain in the ABM admin account and syncing it, we attempted to enroll a device using automated device enrollment and login with the Google Workspace account as the managed Apple ID. However, during enrollment, the system asked to create a new user, even though the username was replicated from the Google account, and prompted to enter a new password. Could someone please explain why this is happening? and aiming to enable a seamless login without user creation or password generation.
Jul ’23
Clarification regarding Not Now Option in ABM enrollment using which user can skip ABM enrollment for 8 hours
During the "What’s new in managing Apple devices" session, you provided information about the "Not Now" option during Mac ABM Enrollment. We observed that this option was functional when enrolling a Mac through ABM using the "profiles renew -type enrollment" command. However, when attempting to enroll a Mac by erasing it through ABM, we couldn't find the "Not Now" option. Could you please confirm whether the "Not Now" option is intended to be available when enrolling a Mac by erasing it through ABM? Your clarification on this matter would be greatly appreciated.
Jul ’23
Able to access corporate mail attachment in unmanaged apps
Able to access corporate mail attachment in unmanaged apps even after the restriction profile (“allowOpenFromManagedToUnmanaged”) has been installed in the device. Followed the following steps able to reproduce this issue Logged in with a personal mail account in iOS device in Mail app. Pushed an MDM profile with Email configuration to an iOS device. Now this account is in managed space Pushed a Restriction profile which has the key “allowOpenFromManagedToUnmanaged” to “false”. This restricts unmanaged apps to open attachments from managed space. Now when I send a email with an attachment to this managed mail account from personal account (Mail is sent from another device, not managed device) On receiving the email in managed mail account, Able to open the attachment in unmanaged apps. The restriction seems not to be working when the personal mail account is present in the mail app along with the corporate mail account and the attachment received in a corporate mail account is treated to be in unmanaged space. The restriction works fine when the personal mail account is removed from mail app. Kindly confirm whether this is the expected behaviour.
Aug ’23
US Govt Agency asking to pay for app "outside the Apple payment process"
Dear All, I've just received an email from a user of my paid app who says he is no longer able to use it on his work phone. He works for a US government agency which I'll abbreviate to GOV below. Apparently they have started using Microsoft Intune for device management and as a result they need the following work-around: This app is not free to download, so it cannot be added to Intune app catalog through this tool. Reach out to the app developer and explain that GOV uses Apple Business Manager (ABM) and MDM for delivering managed apps to devices. Payment through ABM is not supported by GOV, so the app developer will need to provide a version of the app that's free to download but take payment outside of the Apple ID payment process. GOV's Custom App Store can be access by developers by advertising their app to Organization ID 12345678. I don't know much about MDM, ABM and Intune, and I would more or less consider this a scam except that I am confident that the person who has sent it really does work for this government agency and does use my app on his personal device. Is there any possibility that what they are asking for is legitimate? I suspect that the crucial part is: "Payment through ABM is not supported by GOV", i.e. fundamentally ABM/MDM/Intune can support paid apps, but the financial people at GOV AGENCY have chosen not to support that. Has anyone else experienced anything like this?
Aug ’23
ScheduleOSUpdate command fails
When pushing the “ScheduleOSUpdate” command to a Supervised MDM enrolled iPad device, command fails with the following error. Available OS Update response <key>AvailableOSUpdates</key> <array> <dict> <key>AllowsInstallLater</key> <false/> <key>Build</key> <string>20G75</string> <key>DownloadSize</key> <integer>4456890240</integer> <key>HumanReadableName</key> <string>iOS 16</string> <key>InstallSize</key> <integer>467664896</integer> <key>IsCritical</key> <false/> <key>ProductKey</key> <string>iOSUpdate20G75</string> <key>ProductName</key> <string>iOS</string> <key>RestartRequired</key> <true/> <key>Version</key> <string>16.6</string> </dict> </array> <key>CommandUUID</key> <string>AvailableOSUpdates</string> <key>Status</key> <string>Acknowledged</string> ScheduleOSUpdate command <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>ScheduleOSUpdate</string> <key>Command</key> <dict> <key>RequestType</key> <string>ScheduleOSUpdate</string> <key>Updates</key> <array> <dict> <key>ProductKey</key> <string>iOSUpdate20G75</string> <key>InstallAction</key> <string>Default</string> <key>ProductVersion</key> <string>16.6</string> </dict> </array> </dict> </dict> </plist> ScheduleOSUpdate command response <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>AttemptOSUpdate</string> <key>Status</key> <string>Acknowledged</string> <key>UDID</key> <string>****</string> <key>UpdateResults</key> <array> <dict> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>12057</integer> <key>ErrorDomain</key> <string>MCMDMErrorDomain</string> <key>LocalizedDescription</key> <string>The update failed to download.</string> <key>USEnglishDescription</key> <string>The update failed to download.</string> </dict> <dict> <key>ErrorCode</key> <integer>2202</integer> <key>ErrorDomain</key> <string>DeviceManagement.error</string> <key>LocalizedDescription</key> <string>A download failed.</string> </dict> <dict> <key>ErrorCode</key> <integer>31</integer> <key>ErrorDomain</key> <string></string> <key>LocalizedDescription</key> <string>The operation couldn’t be completed. ( error 31.)</string> </dict> </array> <key>InstallAction</key> <string>Error</string> <key>ProductKey</key> <string>iOSUpdate20G75</string> <key>Status</key> <string>DownloadFailed</string> </dict> </array> </dict> </plist> As seen in the AvailableOSUpdate response, this device is applicable for iOS 16 update but unable to update manually as well as via MDM. The device has the following message showing up, is there any relation between the MDM command failing and this message. This iPad device is currently running "12.1.4" OS version Kindly confirm the reason for this message and the reason for this failure via MDM. And also confirm if there are any restrictions to update to certain major OS versions from lower OS versions, if so kindly share any documentation available regarding this. 
Aug ’23