Device Management

RSS for tag

Allow administrators to securely and remotely configure enrolled devices using Device Management.

Device Management Documentation

Posts under Device Management tag

257 results found
Sort by:
Post not yet marked as solved
600 Views

Family Controls application-identifier Entitlement error while blocking an application

I was able to start the device activity monitor. I was able to see the Device Activity Monitor Extension as a process, and was able to attach to it via Xcode. Now I am trying block a specific 3rd party application, via the Shield. I am using this piece of code for intervalDidStart :    override func intervalDidStart(for activity: DeviceActivityName) {     NSLog("Interval started for Device Activity")     let blockedApps : Set<Application> = [Application(bundleIdentifier: "com.facebook.Facebook")]     store.application.blockedApplications = blockedApps     super.intervalDidStart(for: activity) } I've declared store in the DeviceActivityMonitor class as follows :    let store = ManagedSettingsStore() This is the error I see in the Console: Error Domain=UsageTrackingErrorDomain Code=1 "Something without a application-identifier entitlement tried to manage usage budgets" UserInfo={NSLocalizedDescription=Something without a application-identifier entitlement tried to manage usage budgets} The above use case should work right? I should be able to apply the settings inside DeviceActivityMonitorExtension? What does the application-identifier entitlement look like? How do I use it?
Asked
by nmik2020.
Last updated
.
Post not yet marked as solved
507 Views

Is MDM push also not support legacy binary protocol as of November 2020?

Hi, I want to ask is MDM push also not support legacy binary protocol as of November 2020? If not support, may I ask what the http2 header need to append for mdm push? Here is my header: {"apns-topic": 'com.apple.mgmt.External.xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx',"apns-push-type": 'mdm'} The post url is: api.push.apple.com:443/3/device/@deviceToken The mdm payload : { 'mdm':'@pushMagic' } And I always receive the BadDeviceToken, is something I mistake? Thanks.
Asked
by Frank EE.
Last updated
.
Post not yet marked as solved
1.3k Views

Changing MDM Apple ID

We have taken a new client using InTune. The previous tech used his appleID to generate the MDM push cert for InTune. That cert is going to expire and I cannot renew it because I don't have access to his appleID account, and the cert is attached to his appleID. Intune won't let me "renew" a cert from a different appleID so i have to create a new one, remove the old cert (which should force all apple devices connected to InTune to disocnnect from Intune), and apply the new cert. I then would have to re-attach all the apple devices to the InTune account. However, I have been told my Microsoft and other support pages that the expiring cert can have the appleId that it's attached to changed on the back end by apple. It would be best to have the ID on the old expiring cert changed form the old appleID to the new appleID that i created the new MDM cert from, so I don't have to do the whole song and dance described above. I need somebody from apple to help get that changed so we don't have to remove the apple devices in InTune for the new cert.Thank you
Asked
by Kintech.
Last updated
.
Post not yet marked as solved
217 Views

Expired MDM Push Certificate for iOS - Intune

Hi, We have an MDM Solution which is Microsoft Intune and one of the requirement for iOS Enrollment is MDM Push Certificate. But it is already expired and the Apple ID account used for the certificate is no longer in the company. Hope someone can help us with this. Thanks!
Asked
by YvetteEMS.
Last updated
.
Post not yet marked as solved
5.3k Views

Unable to scan QR Code via Camera App on MDM-managed iOS 14 devices

Overview: Our phones currently are configured with a basic MDM iOS policy. The policy has not been changed since January this year. After the update from iOS 13 to iOS 14, the functionality to scan bar code via the Camera app stopped working. A border surrounding the barcode shows up, but the safari pop-up link does not drop down for a user to click. Relevant settings: There are no restrictions on the camera app and the "Scan QR Code" setting is turned ON After more research, the following has been identified: After un-enrolling the device with MDM, the QR Code scanner works as expected. A factory reset selecting "Erase All Content" option was completed on an iPhone6S and an iPhone7 (iOS 14.0.1) and this resolved the issue. After deploying an empty MDM policy to a test phone, the functionality was still not restored. Any ideas on what could be causing the issue?
Asked
by id10t555.
Last updated
.
Post not yet marked as solved
269 Views

Requesting Authorization for Family Controls Returns Invalid Arugment

Hi all, I have a sample app which I created in my local development env. I added the Family Controls capability and the simulator is logged-in to a child account on iCloud that is part of a family group. When I request authorization I keep getting Error Domain=FamilyControls.FamilyControlsError Code=3 "(null)" in the error object returned with the failure result. I am thinking Code 3 represents the enum case for FamilyControlsError which would be invalidArgument. What does that mean and how do I fix it? Also is there a way to map the error object into an FamilyControlsError rather than guess which enum case it is? Here is my code: import SwiftUI import FamilyControls @main struct TestScreentimeAPIApp: App {     @UIApplicationDelegateAdaptor private var appDelegate: AppDelegate     var body: some Scene {         WindowGroup {             ContentView()         }     } } class AppDelegate: NSObject, UIApplicationDelegate {     func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey : Any]? = nil) -> Bool { if #available(iOS 15.0, *) {             let center = AuthorizationCenter.shared             center.requestAuthorization { result in                 switch result {                 case .success():                     break                 case .failure(let error):                     print("error for screentime is \(error)")                 }             }         } }
Asked
by yahalawa.
Last updated
.
Post not yet marked as solved
89 Views

I couldn't enroll the developer program because of ignore or bugs from the Apple.

I've trying to enroll the program since 15 of July. I couldn't pay from the app because the app show me a "unknow error". In the support there is no answers, why this is really happens and they didn't want to do anything. Could anybody help me to register developer account? What could i do next?
Asked
by IgorMess.
Last updated
.
Post not yet marked as solved
392 Views

Configuring Shared iPad

I'm looking to play around with the Shared iPad feature for application testing. I see that the Profile Manager in in OS X Server 5.1 provides Support for Shared iPad. However I'm not seeing where that would be enabled, nor am I able to find any documentation detailing the configuration. I also tried using Apple Conifigurator, and I don't see a checkbox for "Enable Shared iPad" (see this thread). Has anyone gotten this working? Is this feature only something that is available if you are an educational customer (which this note seems to allude to)?
Asked
by devzero.
Last updated
.
Post not yet marked as solved
90 Views

[FileVault]Fail to escrow FileVault Personal Recovery Key after encryption certificate get renewed on MDM server

We are using FileVault PRK escrow feature in our MDM server. And hit issue when the certificate used for PRK encryption get expired and renewed. From the test result, seems PRK encryption always uses the OLD certificate, which was initially used to enable the FileVault and escrow the PRK, even if the FileVault policy is updated with NEW certificate and already pushed to device. The only thing we can do to get the key escrowed successfully, is to toggle (turn off then turn on) FileVault on device. Seems MacOS will use the NEW certificate to encrypt the PRK after toggling FV. We will need Apple's feedback/suggestion if anything we can do to make device pick the new cert for encryption without user interaction(toggle FileVault on device). I have an Apple feedback ticket created for this: FB9582469 Repro steps: MDM server will inject a certificate in FDERecoveryKeyEscrow payload MDM will push the FileVault profile to device, the profile is installed successfully Enable FileVault on device, select option to “store key” in my MDM server The PRK will be generated and escrowed to MDM server CEM can decrypt the encrypted PRK with the private key of the certificate mentioned in step-1 —————Here issue comes——— The certificate mentioned in step-1 get expired, and we renew it on MDM server Push a new FileVault policy injected with the renewed certificate in FDERecoveryKeyEscrow payload From our test result, seems device is still using the old certificate to encrypt the PRK, and CEM fails to decrypt it If we toggle(turn off then turn on) FileVault on device, the new key can be decrypted successfully by MDM server. Thanks, Wei
Asked Last updated
.
Post not yet marked as solved
93 Views

Monterey Admin Rights

I am currently using the beta Mac OS (Monterey 12.3) and am having issues regarding admin rights. When logged in using my admin account I cannot perform any functions that require admin rights. When I look at the account the check box for admin rights IS checked but it is greyed out. It stays that way even after you unlock using the “click lock to make changes”. I setup another account and made it an admin as well but when I log into it, it behaves exactly the same way. I went through a full reload and time machine restore but that did not fix it. Any suggestions? Online research has not yielded any help yet. Thanks in advance!
Asked
by djhansen2.
Last updated
.
Post not yet marked as solved
143 Views

Screentime exemption

Is there a way to tell if Screentime is ON and the user has set a Downtime or App Limit and my app was NOT on the Always Allowed list? Is there a Screentime exemption for a medical app that must always be accessible for the safety of the user?
Asked
by GAC.
Last updated
.
Post not yet marked as solved
299 Views

iPhone disconnects when Xcode launches

I am experiencing an issue with Xcode and my iPhone. When I connect my iPhone to my Macbook, all is okay. The device is detected and everything works correctly. However, launching Xcode (just accessing the "Welcome to Xcode" project selection screen) causes the device to be instantly disconnected from my laptop and disappear from Finder. When I go to Window - Devices and Simulator, my device is not recognized anymore. When I physically disconnect the reconnect it, it appears one second and disappears instantly. Closing Xcode lets me reconnect the device normally. Due to this issue, I am not able to use my physical device for development purpose. Could you please let me know how to fix this ? Laptop : Macbook Pro 2017 13'' - BigSur 11.2.3 Xcode : 12.4 Device : iPhone 7 - iOS 14.4.
Asked
by kgeorget.
Last updated
.
Post not yet marked as solved
142 Views

Untrusted Developer

Hi, this is to help people who facing this message when building application in their iOS devices. Here are steps to solve this problem. 1- Go to the setting in your iphone 2- General 3- Device managment (under VPN) 4- click on Apple Development 5- click on Trust "Apple Development: youremail@email" 6- you will like this message , press Trust Great! your project will open in your iOS device now. Note: don't forget to set signing setting in your Xcode
Asked
by Athir.
Last updated
.