I took notes during the "What's new in managing Apple Devices" session. If interested, please see the attached "Notes from session":
Session Notes
For the session video, please see the following link: https://developer.apple.com/wwdc22/10045
Device Management
RSS for tagAllow administrators to securely and remotely configure enrolled devices using Device Management.
Posts under Device Management tag
179 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
Howdy,
I thought this would be an easy question, but it turns out it's really not! In fact, it flies in the face of how the Apple ecosystem is set up. That said, I still need an answer to be able to inform our customers of what their app update options are.
The question: Does app store provisioning ever expire? Based on the very limited information I can find, it either expires in one year, two years, or never. Anecdotal evidence seems to indicate that the answer could be never, but I need to confirm this.
The use case: Some of our customers are very old school. They tend to find a technical solution and stick with it. As such, they do not update apps regularly on their field iPads. They generally only update when they are forced to. They use MDM to deploy the app, and would set the MDM not to pull updated apps from the app store when available, essentially keeping the same version of the app in use for as much as 3 years or more. If this were to happen, I need to know if the provisioning for the old version of the app will ever expire if they get it from the app store.
I know with an enterprise deployment of .ipa files via MDM, the app provisioning/certificate will expire after 1 or 2 years (can't remember which atm), but I can't find an answer about app store provisioning. Hopefully someone can provide me with an answer on this forum.
Thanks in advance,
Mapguy
Hello,
I have an issue with DurationUntilRemoval—it never deletes my profile. I installed it via my MDM server and also tried installing it using Apple Configurator 2. The device is in supervised mode.
Here is my profile:
** DurationUntilRemoval**
** 3600**
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>Configures restrictions</string>
<key>PayloadDisplayName</key>
<string>Restrictions</string>
<key>PayloadIdentifier</key>
<string>com.apple.applicationaccess.82B4587F-86F6-406B-9D27-03A799379EB5</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadUUID</key>
<string>82B4587F-86F6-406B-9D27-03A799379EB5</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>allowActivityContinuation</key>
<true/>
<key>allowAddingGameCenterFriends</key>
<true/>
<key>allowAirPlayIncomingRequests</key>
<true/>
<key>allowAirPrint</key>
<true/>
<key>allowAirPrintCredentialsStorage</key>
<true/>
<key>allowAirPrintiBeaconDiscovery</key>
<true/>
<key>allowAppCellularDataModification</key>
<true/>
<key>allowAppClips</key>
<true/>
<key>allowAppInstallation</key>
<true/>
<key>allowAppRemoval</key>
<true/>
<key>allowApplePersonalizedAdvertising</key>
<true/>
<key>allowAssistant</key>
<true/>
<key>allowAssistantWhileLocked</key>
<true/>
<key>allowAutoCorrection</key>
<true/>
<key>allowAutoUnlock</key>
<true/>
<key>allowAutomaticAppDownloads</key>
<true/>
<key>allowBluetoothModification</key>
<true/>
<key>allowBookstore</key>
<true/>
<key>allowBookstoreErotica</key>
<true/>
<key>allowCamera</key>
<true/>
<key>allowCellularPlanModification</key>
<true/>
<key>allowChat</key>
<true/>
<key>allowCloudBackup</key>
<true/>
<key>allowCloudDocumentSync</key>
<true/>
<key>allowCloudPhotoLibrary</key>
<true/>
<key>allowContinuousPathKeyboard</key>
<true/>
<key>allowDefinitionLookup</key>
<true/>
<key>allowDeviceNameModification</key>
<true/>
<key>allowDeviceSleep</key>
<true/>
<key>allowDictation</key>
<true/>
<key>allowESIMModification</key>
<true/>
<key>allowEnablingRestrictions</key>
<true/>
<key>allowEnterpriseAppTrust</key>
<true/>
<key>allowEnterpriseBookBackup</key>
<true/>
<key>allowEnterpriseBookMetadataSync</key>
<true/>
<key>allowEraseContentAndSettings</key>
<true/>
<key>allowExplicitContent</key>
<true/>
<key>allowFilesNetworkDriveAccess</key>
<true/>
<key>allowFilesUSBDriveAccess</key>
<true/>
<key>allowFindMyDevice</key>
<true/>
<key>allowFindMyFriends</key>
<true/>
<key>allowFingerprintForUnlock</key>
<true/>
<key>allowFingerprintModification</key>
<true/>
<key>allowGameCenter</key>
<true/>
<key>allowGlobalBackgroundFetchWhenRoaming</key>
<true/>
<key>allowInAppPurchases</key>
<true/>
<key>allowKeyboardShortcuts</key>
<true/>
<key>allowManagedAppsCloudSync</key>
<true/>
<key>allowMultiplayerGaming</key>
<true/>
<key>allowMusicService</key>
<true/>
<key>allowNews</key>
<true/>
<key>allowNotificationsModification</key>
<true/>
<key>allowOpenFromManagedToUnmanaged</key>
<true/>
<key>allowOpenFromUnmanagedToManaged</key>
<true/>
<key>allowPairedWatch</key>
<true/>
<key>allowPassbookWhileLocked</key>
<true/>
<key>allowPasscodeModification</key>
<true/>
<key>allowPasswordAutoFill</key>
<true/>
<key>allowPasswordProximityRequests</key>
<true/>
<key>allowPasswordSharing</key>
<true/>
<key>allowPersonalHotspotModification</key>
<true/>
<key>allowPhotoStream</key>
<true/>
<key>allowPredictiveKeyboard</key>
<true/>
<key>allowProximitySetupToNewDevice</key>
<true/>
<key>allowRadioService</key>
<true/>
<key>allowRemoteAppPairing</key>
<true/>
<key>allowRemoteScreenObservation</key>
<true/>
<key>allowSafari</key>
<true/>
<key>allowScreenShot</key>
<true/>
<key>allowSharedStream</key>
<true/>
<key>allowSpellCheck</key>
<true/>
<key>allowSpotlightInternetResults</key>
<true/>
<key>allowSystemAppRemoval</key>
<true/>
<key>allowUIAppInstallation</key>
<true/>
<key>allowUIConfigurationProfileInstallation</key>
<true/>
<key>allowUSBRestrictedMode</key>
<true/>
<key>allowUnpairedExternalBootToRecovery</key>
<false/>
<key>allowUntrustedTLSPrompt</key>
<true/>
<key>allowVPNCreation</key>
<true/>
<key>allowVideoConferencing</key>
<true/>
<key>allowVoiceDialing</key>
<true/>
<key>allowWallpaperModification</key>
<true/>
<key>allowiTunes</key>
<true/>
<key>forceAirDropUnmanaged</key>
<false/>
<key>forceAirPrintTrustedTLSRequirement</key>
<false/>
<key>forceAssistantProfanityFilter</key>
<false/>
<key>forceAuthenticationBeforeAutoFill</key>
<false/>
<key>forceAutomaticDateAndTime</key>
<false/>
<key>forceClassroomAutomaticallyJoinClasses</key>
<false/>
<key>forceClassroomRequestPermissionToLeaveClasses</key>
<false/>
<key>forceClassroomUnpromptedAppAndDeviceLock</key>
<false/>
<key>forceClassroomUnpromptedScreenObservation</key>
<false/>
<key>forceDelayedSoftwareUpdates</key>
<false/>
<key>forceEncryptedBackup</key>
<false/>
<key>forceITunesStorePasswordEntry</key>
<false/>
<key>forceLimitAdTracking</key>
<false/>
<key>forceWatchWristDetection</key>
<false/>
<key>forceWiFiPowerOn</key>
<false/>
<key>forceWiFiWhitelisting</key>
<false/>
<key>ratingApps</key>
<integer>1000</integer>
<key>ratingMovies</key>
<integer>1000</integer>
<key>ratingRegion</key>
<string>us</string>
<key>ratingTVShows</key>
<integer>1000</integer>
<key>safariAcceptCookies</key>
<real>2</real>
<key>safariAllowAutoFill</key>
<true/>
<key>safariAllowJavaScript</key>
<true/>
<key>safariAllowPopups</key>
<true/>
<key>safariForceFraudWarning</key>
<false/>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>papala</string>
<key>PayloadIdentifier</key>
<string>MacBook-Pro-Kyrylo-2.4A2954CA-57A5-44D9-8AD3-546407A0CAD4</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>BEED8448-8866-43EB-AC3C-1C3C652AADE4</string>
<key>PayloadVersion</key>
<integer>1</integer>
it's just test profile, without difficult stuff, but it doesn't work too
What is wrong?
Hi,
I have a couple of questions about how to proceed and prepare the implementation for the DeviceLock MDM command for macOS in a secure and proper manner.
https://developer.apple.com/documentation/devicemanagement/device-lock-command
In documentation "PIN" is "(string) The six-character PIN for Find My. This value is available in macOS 10.8 and later." - is this the PIN that is used to unlock the device?
Is there any video online that I can see how the process would look like for the end user with locking and unlocking a device?
What should be done before sending a DeviceLock command? What should be done to safely test the command without bricking a device.
How to unlock a device that was locked with a DeviceLock command? Is there any Unlock command or can the user unlock device with the provided PIN earlier?
Thank you for any help!
I'm looking at the Apple official document below and getting the app's information.
https://developer.apple.com/documentation/devicemanagement/getting-app-and-book-information-legacy
However, I couldn't get the custom app's information for a few days ago. The result item is empty.
This is a URL that is normally viewed.
https://uclient-api.itunes.apple.com/WebObjects/MZStorePlatform.woa/wa/lookup?version=2&p=mdm-lockup&caller=MDM&platform=volumestore&cc=jp&id=1202716089
This is the URL that gives an empty response to the result.
https://uclient-api.itunes.apple.com/WebObjects/MZStorePlatform.woa/wa/lookup?version=2&p=mdm-lockup&caller=MDM&platform=volumestore&cc=jp&id=1556411142
In ABM/ASM, the number of applications used and the number of available applications are all viewed normally.
Is there anything else I can check?
Please reply.
Thank you.
What is the proper payload for the FDEFileVault?
Do I need to provide a user password in the payload to proceed with turning on the FileVault? Isn't that a privacy issue?
Why UserEntersMissingInfo does not work for me?
How to properly turn off FileVault - every try failed?
Below I attach tested payloads and results.
Test 1:
Enable: "On"
Result 1:
Error
ErrorCode: -319
LocalizedDescription: The ‘FileVault Settings’ payload could not be installed. User authentication failed.
Test 2:
Enable: "On"
Username: "username on a device"
Result 2:
Error
ErrorCode: -319
LocalizedDescription: The ‘FileVault Settings’ payload could not be installed. User authentication failed.
Test 3:
Enable: "On"
Username: "username on a device"
Password: "password of the user"
Result 3:
Success: FileVault turned On
Test 4:
After previously turning On FileVault successfully after restarting a machine.
Enable: "Off"
Result 4:
Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help.
Test 5:
Enable: "On"
UserEntersMissingInfo: True
Result 5:
Error
ErrorCode: -319
LocalizedDescription: The ‘FileVault Settings’ payload could not be installed. User authentication failed.
Test 6:
Enable: "On"
Username: "username on a device"
UserEntersMissingInfo: True
Result 6:
Error
ErrorCode: -319
LocalizedDescription: The ‘FileVault Settings’ payload could not be installed. User authentication failed.
Test 7:
This is example payload from: https://developer.apple.com/documentation/devicemanagement/fdefilevault#Profile-Example
Defer: True
Enable: "On"
ShowRecoveryKey: True
UseKeychain: False
UseRecoveryKey: True
UserEntersMissingInfo: False
Result 7:
Success: FileVault turned On
Test 8:
Same as test 4, but after turning on like test 7.
Test 9:
Defer: True
Enable: "Off"
ShowRecoveryKey: True
UseKeychain: False
UseRecoveryKey: True
UserEntersMissingInfo: False
Result 9:
Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help.
Test 10:
Defer: True
Enable: "Off"
ShowRecoveryKey: True
UseKeychain: False
UseRecoveryKey: True
UserEntersMissingInfo: True
Result 10:
Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help.
Test 11:
Defer: True
Enable: "Off"
ShowRecoveryKey: True
UseKeychain: False
UseRecoveryKey: True
UserEntersMissingInfo: True
DeferForceAtUserLoginMaxBypassAttempts: 0
Result 11:
Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help.
Test 12:
UserEntersMissingInfo: True
Enable: "Off"
Username: "username on a device"
Result 12:
Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help.
The MDM was installed correctly and other commands are working fine. I have tried to send the InstallProfile with custom configuration to the device, but it was displayed as not signed. How to sign the payload for InstallProfile command and where it should be included in the payload / command?
The payload I sent to a mac with MDM installed:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Payload</key>
<data>
BASE64_HERE
</data>
<key>RequestType</key>
<string>InstallProfile</string>
</dict>
</plist>
Decoded base64 from the payload above was:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.example.myapp</key>
<dict>
<key>test_key</key>
<string>test_value</string>
</dict>
</dict>
<key>PayloadDisplayName</key>
<string>My App Configuration</string>
<key>PayloadIdentifier</key>
<string>com.org_name.mdm.profile.uq_id_here</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>UUID4 HERE</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>App Configuration Profile</string>
<key>PayloadIdentifier</key>
<string>com.example.myapp.config</string>
<key>PayloadOrganization</key>
<string>ORG NAME</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>ANOTHER UUID4 HERE</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
System logs from Device:
[*] Processing server request: InstallProfile for: <Device>
[ERROR] System keychain reported it is unavailable but will proceed as if it is.
[*] === CPF_InstallProfile === com.example.myapp.config (user: <Computer>) (source: 'MDM')
[*] >>>>> Sending HTTP request (PUT) [Acknowledged(InstallProfile)
[*] <<<<< Received HTTP response (200) [Acknowledged(InstallProfile)
[*] Processing server request: ProfileList for: <Device>
[*] >>>>> Sending HTTP request (PUT) [Acknowledged(ProfileList)
[*] <<<<< Received HTTP response (200) [Acknowledged(ProfileList)
Also the ProfileList didn't include the installed profile. Is it because it was unsigned? How it should be signed?
We have an application which is written in Swift, which activates two network extensions (Content Filter, Transparent Proxy). We want to use MDM deployment for these network system extensions.
For Content Filter, we already have Jamf Profile which has Web Content Filter payload and it works fine.
Our Transparent Proxy module is a system extension, which is exposing an app proxy provider interface (We are using NETransparentProxyProvider class and in extension’s Info.plist we use com.apple.networkextension.app-proxy key.) We don’t have any remote server setup to forward the traffic, instead we open a connection with a certain localhost:port to redirect the traffic which is received in our transparent proxy. We have another module that listens to the particular localhost:port to process the traffic further.
We are unable to find the appropriate payload in any of the Profile Editor applications like Apple Configurator, iMazing Profile Editor and Jamf Pro that correctly describes our setup.
As per https://developer.apple.com/documentation/devicemanagement/vpn/transparentproxy documentation, we noticed that we can use the VPN payload with app-proxy as Provider Type for Transparent Proxy.
Here are the list of issues encountered with different MDM solutions.
**AppleConfigurator: **
We were able to install the profile created via Apple Configurator. However when we install our product (which has the above mentioned system extensions), the Transparent Proxy added by our product fails to map with the installed profile. User has to provide the credentials and follow the steps while installing the extension via the product.
Attached the screenshot of "Network->Filters" screen and the profile for reference.
Profile Created using Apple Configurator
iMazing Profile Editor:
Unable to install the profile created using iMazing Profile Editor.
Attached the screenshot of error and the profile for reference:
Profile Created Using iMazing Profile Editor
Jamf Pro:
We were able to install the profile created via Jamf Pro and also while in stalling our product the Transparent Proxy gets mapped with the one which is installed via profile. However after that the network is broken and hence unable to browse anything.
Attached the profile for reference.
Profile Created using Jamf Pro
What should be the correct profile payload to use for our Transparent Proxy?
We are using management properties in DDM to assign configurations and assets to a particular device, and one of those properties should be updated by a business app on the device.
For example, if the business application is not launched every 30 days, then a predicate should evaluate to false and the device put into single app mode to force the application to run.
If, however, the app is launched any time in the 30 days, then the counter should be reset. Essentially trying to enforce that users in the field cannot work offline for extended periods of time without getting the latest dataset from the company.
The single app mode part is very clear and the predicate to assign the configuration based on the date in the management property seems logical.
However, the question is: Can a predicate be built upon data that is updated by the custom MDM app? ie: If the app is launched on the device without connectivity, can a property be updated that the DDM predicate system can access that can be used as an input property? such as "last launch time" or "last check-in" of the custom app?
Alternately, could the custom MDM app read any of the management properties set via DDM? That way the user would know the value that the DDM configuration for restricting the device.
Managed iOS/iPad devices are struck with no network under below conditions
Enrolling a Supervised iOS device
Send InstallProfile command with AppLock payload (https://developer.apple.com/documentation/devicemanagement/applock)
Now when the above managed device loses network connection with MDM server due to unknown network issues - the device is out of contact with MDM server and device is locked.
Since such AppLock payload installed devices are placed in remote locations, it becomes difficult for Admins to recover such devices with no network connectivity. The devices have to be brought in from remote location and recover them.
Under such conditions, it would be better to allow the end user to change the Network configuration manually to reconnect the device with MDM server.
This option can also be allowed only when the device can’t ping MDM server.
It's been two weeks since I submitted the MDM capability request form as our app requires an MDM to activate the DNS Proxy component.
There's been zero emails about it, and I can't find anywhere to check the status on it.
Does anyone have experience regarding the "MDM capability" request or is anyone from Apple able to provide some insight into what is expected?
Is there or will there be an update to the depsim and vppsim simulator tools? The current version is significantly out-of-date in terms of features and fails to start due to the developer not being verified (ironically).
Hello Developer Community,
I'm facing a critical situation with our company's Apple Developer Account. We are unable to access our account because:
The admin of our Apple Developer Account is a former team member
We cannot reach this person anymore
We need to regain access to maintain our app on the App Store
Questions:
What is the official process to recover account access in this situation?
What documentation will Apple require to verify our company ownership?
Who should we contact at Apple to start this process?
Any guidance from developers who have experienced a similar situation would be greatly appreciated.
Note: I'll be happy to provide more details if needed, while keeping sensitive information private.
Thanks in advance for your help!
I've installed two different profiles and having no issues using them until iOS 17, 18.0 (certainly for 17, but not so sure for 18).
But after upgrading to 18.2 and even developer beta 18.3, installed profiles are not showing on the Setting / General / VPN &amp; Device Management.
So I can't even uninstall, also I can't reinstall unless I factory reset by iPhone, iPad and not using iCloud backups.
First profile is DNS profile downloaded from website(NextDNS) and the second profile is made by my own, configuration for the cellular APN setting.
(DNS setting is shown on the setting but there's no profile showing, I did not uninstalled or removed it)
(Installing the custom celluar configuration profile failed, since it's already installed but just not showing as above)
All happens on my iPad pro M1 12.9, ipad mini 2021, iphone 12 mini(18.3, else are 18.2), and iphone 16 pro max.
Want to know if it's bug, and any resolution excluding factory reset and start using from scratch(It's very useless solution). Thank you.
Hello. I bought a new Iphone 16, 2 days ago in my store, but when I checked it at home, it turned out that it was installed using the Telia Sweden ( Remote Management System ).
Can someone help me remove this Telia RMS system from my smartphone so that it is not configured for Telia during setup? Since their configurator blocks my smartphone, with a note - Lost Iphone. The device has been blocked by Telia.
I have been using Apple equipment for 10 years, I have phones and tablets. I need help
I'm trying to use DDM manager Safari Extensins in macOS Sequoia. I generate json and load it by mdm and ddm , but it doesn't seems to work. The json I loading is the following:
{
"Type": "com.apple.configuration.safari.extensions.settings",
"Payload": {
"ManagedExtensions": {
"*": {
"State": "AlwaysOn",
"PrivateBrowsing": "AlwaysOn",
"AllowedDomains": [],
"DeniedDomains": []
}
}
},
"Identifier": "com.test.safari"
}
This following image is macOS Sequoia Console log. It show the "com.apple.configuration.safari.extensions.settings" had been run successfully, and no errors.
macOS Sequoia response is the following:
{
"StatusItems" : {
"management" : {
"declarations" : {
"activations" : [
{
"active" : true,
"identifier" : "com.example.act",
"valid" : "valid",
"server-token" : "5cc191206d1b1933"
}
],
"configurations" : [
{
"active" : true,
"identifier" : "com.test.safari",
"valid" : "unknown",
"server-token" : "29d3ec5ab48e6367"
}
],
"assets" : [
],
"management" : [
]
}
}
},
"Errors" : [
]
}
you can see macOS Sequoia response , The "valid" value is always "unknown" at ""identifier" : "com.test.safari", but "Errors" is empty, Safari app don't load extensions , the SafariExtensionSettings" ddm don't work, Is there anything wrong with "SafariExtensionSettings" json? or how can I debug it
I'm trying to use DDM manager Safari Extensins in macOS Sequoia. I generate json and load it by mdm and ddm , but it doesn't seems to work. The json I loading is the following:
{
"Type": "com.apple.configuration.safari.extensions.settings",
"Payload": {
"ManagedExtensions": {
"*": {
"State": "AlwaysOn",
"PrivateBrowsing": "AlwaysOn",
"AllowedDomains": [],
"DeniedDomains": []
}
}
},
"Identifier": "com.test.safari"
}
macOS Sequoia response is the following:
{
"StatusItems" : {
"management" : {
"declarations" : {
"activations" : [
{
"active" : true,
"identifier" : "com.example.act",
"valid" : "valid",
"server-token" : "5cc191206d1b1933"
}
],
"configurations" : [
{
"active" : true,
"identifier" : "com.test.safari",
"valid" : "unknown",
"server-token" : "29d3ec5ab48e6367"
}
],
"assets" : [
],
"management" : [
]
}
}
},
"Errors" : [
]
}
you can see, The "valid" value is always "unknown" at ""identifier" : "com.example.act", but "Errors" is empty, Safari app don't load extensions , the SafariExtensionSettings" ddm don't work, Is there anything wrong with "SafariExtensionSettings" json? or how can I debug this bug .
Hi, I'm glad to hear that the service discovery process is improved on iOS/iPadOS 18.2 mentioned here.
https://support.apple.com/en-ca/guide/deployment/dep4d9e9cd26/1/web/1.0
I tried it on my development MDM server.
Set default MDM for iPad to my development MDM server on Apple Business Manager.
Call the new API https://developer.apple.com/documentation/devicemanagement/account_driven_enrollment_profile and 200 OK is returned
However the service discovery fails with the following error.
Invalid well-known response for https://{my email's comain name}/.well-known/com.apple.remotemanagement?user-identifier={my email}&model-family=iPad: <NSHTTPURLResponse: 0x300a9f420>
Invalid well-known response for https://axm-servicediscovery.apple.com/mdmBaseURL?user-identifier={my email}&model-family=iPad: <NSHTTPURLResponse: 0x3009047a0>
It seems fallback process to https://axm-servicediscovery.apple.com/mdmBaseURL actually works but it returns 404 Not Found error.
How can we use this awesome feature?
Thank you :)
“At this rate, I’m starting to get frustrated. I’ve registered for the developer program twice, but they’re still asking me for the registration fee, and my registration is not being approved. Moreover, I haven’t received any response to my emails, and since the information is limited in English, I can’t search for solutions. Could someone please take care of this issue now?”
我有十一台M4芯片的mac mini,目前通过AC2将设备挂载在ABM中。目前有10台通过接口 “https://mdmenrollment.apple.com/device/activationlock” 启用企业激活锁去出现INTERNAL_SERVER_ERROR错误,只有一台成功了,成功那台设备使用的ABM账号与其他设备使用的ABM账号不同所属组织也不同。
I have eleven M4 chip Mac mini devices, currently mounted in ABM through AC2. Currently, there are 10 units that have passed the interface“ https://mdmenrollment.apple.com/device/activationlock ”Enabling the enterprise activation lock resulted in an INTERNAL_SERVER-ERROR error, and only one device succeeded. The successful device used a different ABM account than the other failed devices and belonged to a different organization.
Hi,team:
I have configured SystemExtensions and WebContentFilter for supervised devices through mdm, and set NonRemovableFromUISystemExtensions in SystemExtensions, but found that my network filter cannot be deleted in macOS10, macOS11 and macOS12, but it can still be turned off by selecting the network filter in the network and choosing to disable the service. However, it cannot be turned off in macOS13, macOS14 and macOS15. How can I prevent supervised devices from turning off the network filter in 10, 11 and 12?
The macOS 10.15.7 image is as follows:
macOS15.1.1 cannot delete and cannot close the image as follows:
Hope to receive your reply!