Post not yet marked as solved
I am using an MDM solution to set the Dock settings of a macOS device.
When I set the "autohide-immutable" key to true, the "Automatically hide" button should be locked. But in our case, the "Automatically hide" button is not locked until we change or click some other option in the Dock Settings.
After clicking an option in Dock Settings, the "Automatically hide" button gets locked.
The problem here is that we can also click the "Automatically hide" button and change its value before it is locked.
https://developer.apple.com/documentation/devicemanagement/dock
Post not yet marked as solved
The InstallProfile command to install a configuration profile on a Mac is available on both the Device Channel and the User Channel for macOS, according to:
https://developer.apple.com/documentation/devicemanagement/install_a_profile
What is it then, in my construction of this command, that determines on which channel it is sent? In other words, how do I force it to use the Device Channel (since mine contains device configuration payloads) and not the User channel?
Post not yet marked as solved
requireManagedPasteboard - boolean. If true, copy and paste functionality respects the allowOpenFromManagedToUnmanaged and allowOpenFromUnmanagedToManaged restrictions. Also available for user enrollment.
As suggested, it doesn't allow text to be copied from managed apps and pasted into any unmanaged app, and vice versa.
But there is another way to get the text into another unmanaged/managed app: highlighting text in the mail content and clicking the 'Share' option opens the text in the destination app.
Steps:
Pushed a managed account to the native Mail app.
Pushed a restriction with "requireManagedPasteboard".
Opened a mail and highlighted the text contents.
Clicked on the Share option. It lists all the apps (both managed and unmanaged) to share the text with.
I clicked on the Notes app. The highlighted text got moved to the Notes app.
When I tried the same with copy and paste into the Notes app, it says "Enabled Restriction for Copy/Paste".
Attached is a screenshot showing where the "Share" option appears.
Kindly check whether this is the default behaviour, or am I missing anything?
Post not yet marked as solved
I'm developing an app that has a URL blocking feature (Web Content Filter). I want to upload it to the App Store so any user can download the app.
To do that I have to set up an MDM server.
I've Company / Organization account.
Can anyone guide me through MDM Process?
I have a few questions.
What kind of account is needed?
What things need to be done from the app(mobile) side?
What things need to be done from the server-side?
What will be the procedure to create an MDM profile and distribute it to App Store users?
Post not yet marked as solved
WWDC21 session 10123 shows a screen that implies the guardian instance of your app is able to select apps on your child's device to encourage or to control. In my experience with the API so far I can't see a way to do this. The API only seems to work on the child's phone. Here are my questions:
Is there a suggested way to determine whether the app is running on a guardian device? The only way I can see is to attempt AuthorizationCenter.shared.requestAuthorization and check for an error value of .invalidAccountType. But it seems you could get that error for other reasons too.
Is there a way to present FamilyActivityPicker on the guardian device but have it show apps on the child's phone? I don't see anything in the API for selecting a child account to access with 'FamilyActivityPicker'; it seems to only show the phone's user's apps (or no apps if it's the guardian's phone).
After retrieving app tokens from 'FamilyActivityPicker', is there a recommended way to present them to the user in the UI? The WWDC session shows an app icon and app name (i.e. "Books" and "Solar System"), but my understanding is that this info is hidden from the developer for privacy reasons. So I'm wondering if the example in the session is really feasible.
Post not yet marked as solved
I managed to get the list of the child's applications on the parent device. But I can't manage restrictions for these applications.
Is it only available from the child's device, or is there a solution for app management from the parent's app?
Post not yet marked as solved
Hi, we are an MDM solution trying to collect data usage from iOS devices. We have our own native app, where we are able to get the data usage with some limitations:
While fetching continuously, it shows usage up to a maximum of 4 GB. After 4 GB, it resets the current count and starts again from 0.
Forum Link
Also, the above data fetched on one instance resets to zero on restarting the device.
So we are planning to use Content Filter Provider extensions to keep track of data usage. We have no clear documentation on how to use this.
With some third-party domain references,
below are the questions on it.
For content filtering to work, we need to add a web content filter plugin with the app's distribution certificate as its authentication. -> As we are an MDM solution, is it necessary to give all the cx our distribution certificate with its private key?
Will content filtering satisfy our needs, as we can see that it works in a tight container? Is it possible to collect the data usage of the device without any limitations?
It would be good if there were proper Apple documentation for using this extension. Is there any?
Also, will it be possible to use this without the distribution certificate authentication?
Apple Doc: Link
Any suggestions are welcome. Thanks in advance.
Post not yet marked as solved
I have a valid package that is failing when I deliver it via MDM. The package meets all of the criteria necessary for delivery via MDM (available freely, signed, distribution-style) but when it's delivered, the device fails to install:
default 12:09:23.398734-0500 mdmclient Processing install phase 99 for E7A2748E-E38F-4976-A440-FFA7F4E6002B ==> {
"Error" = {
code = 660;
domain = ASDErrorDomain;
userInfo = {
NSLocalizedDescription = "Could not create PKProduct";
NSLocalizedFailureReason = "Could not create PKProduct";
};
};
"Success" = 0;
}
default 12:09:23.399787-0500 mdmclient Processing install phase 97 for E7A2748E-E38F-4976-A440-FFA7F4E6002B ==> {
"Error" = {
code = 660;
domain = ASDErrorDomain;
userInfo = {
NSLocalizedDescription = "Could not create PKProduct";
NSLocalizedFailureReason = "Could not create PKProduct";
};
};
"Success" = 0;
}
error 12:09:23.400711-0500 mdmclient [ERROR] Aborting app install: Error Domain=ASDErrorDomain Code=660 "Could not create PKProduct" UserInfo={NSLocalizedDescription=Could not create PKProduct, NSLocalizedFailureReason=Could not create PKProduct}
default 12:09:23.400752-0500 mdmclient Install phase 97 (E7A2748E-E38F-4976-A440-FFA7F4E6002B) completed. Result: ==> Error Domain=ASDErrorDomain Code=660 "Could not create PKProduct" UserInfo={NSLocalizedDescription=Could not create PKProduct, NSLocalizedFailureReason=Could not create PKProduct}
default 12:09:23.402070-0500 mdmclient Processing install phase 98 for E7A2748E-E38F-4976-A440-FFA7F4E6002B ==> (null)
default 12:09:23.403122-0500 mdmclient Install 'E7A2748E-E38F-4976-A440-FFA7F4E6002B' finished. Sucess: no Error: {
code = 660;
domain = ASDErrorDomain;
userInfo = {
NSLocalizedDescription = "Could not create PKProduct";
NSLocalizedFailureReason = "Could not create PKProduct";
};
}
What causes these 660 errors?
Post not yet marked as solved
Hey everyone, we've experienced strange behavior in the iOS system with a GHP profile and the PAC file evaluation when there's no internet connection.
The setup:
Router is not connected to the internet
Device connects to a Wi-Fi provided by the router
Device has mobile data disabled
Device has a proxy set via GHP with a PAC file URL
Device tries to access a website on a local IP address (e.g. 192.168.1.1)
PAC file:
function FindProxyForURL(url, host) {
    if (shExpMatch(url, "*:993/*")) { return 'DIRECT'; }
    if (shExpMatch(url, "*:465/*")) { return 'DIRECT'; }
    if (shExpMatch(url, "*:587/*")) { return 'DIRECT'; }
    if (isPlainHostName(host) || shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
        isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        return 'DIRECT';
    return 'PROXY my.proxy.address;DIRECT';
}
The result:
The device is not able to connect to local addresses, the request times out.
Based on the PAC file rules, when accessing the 192.168.1.1 address, the proxy should have been bypassed and it should go directly:
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0"). However, it seems that the device is still trying to go via the proxy, which is unreachable since the router is not connected to the internet. The GHP profile even has the flag to bypass the proxy if unreachable enabled:
<key>ProxyCaptiveLoginAllowed</key>
<true/>
<key>ProxyPACFallbackAllowed</key>
<true/>
If we remove the GHP profile from the device, everything works. And if the device has cellular data enabled, it works as well. This setup is used by a customer that is connecting to such router in elevators for some maintenance, so they usually have no signal there - the cellular interface is not working and from time to time, the webpage is successfully loaded - I assume that the device had a signal for a short period of time.
I just wanted to check with you if there's anything we do wrong in the proxy setup before reporting a bug. Right now we're trying to reproduce this behavior with CFNetworkDiagnostics and NetworkDiagnostics profiles installed so we have more logs. Although, we've noticed the following message in the logs:
CFNetworkAgent PAC Fetch failed with cached error [NSURLErrorDomain:-1009]
Has anyone experienced something similar? Thanks in advance!
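Added example (not part of the original post): a Node.js harness that evaluates the PAC rules posted above offline, using stand-in implementations of the PAC helper functions and a constructed DNS table. HOSTS, dnsCalls, ipToInt and evaluate are names introduced here; it returns the decision for each URL and how many dnsResolve calls the rules made to reach it.

```javascript
// Stand-in PAC helpers so the posted rules can be evaluated offline.
const HOSTS = { "intranet.example.com": "10.1.2.3" };  // constructed DNS table
let dnsCalls = 0;

function ipToInt(ip) {
  const p = String(ip).split(".").map(Number);
  if (p.length !== 4 || p.some(n => !Number.isInteger(n) || n < 0 || n > 255)) return null;
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}
function dnsResolve(host) {
  dnsCalls++;
  if (ipToInt(host) !== null) return host;  // IP literal: no lookup needed
  return HOSTS[host] || null;               // null models a failed lookup
}
function isInNet(ip, net, mask) {
  const a = ipToInt(ip), m = ipToInt(mask);
  return a !== null && ((a & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}
function isPlainHostName(host) { return !host.includes("."); }
function shExpMatch(str, pat) {
  const re = pat.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// PAC rules as posted above (only the layout is changed).
function FindProxyForURL(url, host) {
  if (shExpMatch(url, "*:993/*")) { return 'DIRECT'; }
  if (shExpMatch(url, "*:465/*")) { return 'DIRECT'; }
  if (shExpMatch(url, "*:587/*")) { return 'DIRECT'; }
  if (isPlainHostName(host) || shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
      isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
      isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
      isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
    return 'DIRECT';
  return 'PROXY my.proxy.address;DIRECT';
}

// Returns the PAC decision and the number of DNS lookups the rules triggered.
function evaluate(url) {
  dnsCalls = 0;
  const decision = FindProxyForURL(url, new URL(url).hostname);
  return { decision, dnsCalls };
}

const SAMPLES = ["http://192.168.1.1/", "http://intranet.example.com/",
                 "http://unresolvable.example.net/", "http://127.0.1.1/"];
for (const u of SAMPLES) console.log(u, JSON.stringify(evaluate(u)));
```

This checks the rule logic only: the IP literal yields DIRECT, a name that fails to resolve falls through to the proxy entry, and the posted loopback mask matches only 127.0.0.x. It says nothing about whether the device fetched or evaluated the PAC file.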
Post not yet marked as solved
Hi,
I am trying to remove my app from all devices I have installed it on so far. I have tried disabling the devices under the device tab, removing provisioning profiles, and revoking certificates; however, the app still functions perfectly.
I am wondering if there's a way to revoke access to my app remotely, as I am unable to reach a few of the required devices, or if I will have to wait until the profile expires in a year.
I have an issue with the install media command.
Before encountering the problem, the steps are as follows:
Firstly, I create users using the following API: https://developer.apple.com/documentation/devicemanagement/create_users
Secondly, I get VPP book licenses from the Apple Business account, and I can see the purchased books in the VPP assets using this API: https://developer.apple.com/documentation/devicemanagement/get_assets
After purchasing the book and creating the user, I associate the book license with the created user using the following API: https://developer.apple.com/documentation/devicemanagement/manage_licenses I associate the license with the client user ID instead of the device serial number. I can see that the license is assigned to the user using https://developer.apple.com/documentation/devicemanagement/get_licenses By the way, after the assignment process, I can see that the total number of licenses has decreased in the Apple Business account.
After all this, I send the device command. The plist sent with the install media command to the device is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Command</key>
<dict>
<key>RequestType</key>
<string>InstallMedia</string>
<key>MediaType</key>
<string>Book</string>
<key>iTunesStoreID</key><integer>510322135</integer>
</dict>
<key>CommandUUID</key><string>625eb3346db5ec00287593a7</string>
</dict>
</plist>
Finally, the Install Media command fails with the error "A VPP purchase record for the item could not be found."
How can I fix this issue? Can anyone help me with that? Thanks.
Post not yet marked as solved
I have an Intel iMac 27" that disables 'Screen Sharing' and 'Remote Login' after each and every macOS system update. This started with Big Sur, I believe.
Latest update was Monterey 12.3.1, and after update/reboot, remote access was again disabled.
Any ideas why this is happening and how to prevent it?
Post not yet marked as solved
Hi,
Will there be a solution to these Bluetooth problems? My iPhone 7 worked well till it died, so I upgraded and was given an iPhone 12.
Sometimes it will pair, make one call and then it fails until I switch the car off, restart the phone, sync and pair again, and if I am lucky it will allow me to make one call. Also, it says synchronised, and when trying to make the call nothing happens. On my phone it says connected.
I hope something or a new iOS will be released. I have tried the iOS 15 beta, but that does not work either.
Post not yet marked as solved
Since 8.2p1, OpenSSH supports FIDO/U2F hardware authenticators, adding the "ed25519-sk" and "ecdsa-sk" key types. The OpenSSH bundled with macOS Monterey 12.2 (version: 8.6p1) doesn't include built-in security key support, but it seems that the user can specify a middleware library to use FIDO authenticator-hosted keys (see man ssh-add, man ssh_config and man ssh-agent).
I am trying to implement a FIDO security key provider library, but the bundled ssh-agent doesn't seem to try to load the implemented library and simply returns with "unknown or unsupported key type":
$ ssh-agent -d -P "/*"
SSH_AUTH_SOCK=SOME_VALUE; export SSH_AUTH_SOCK;
echo Agent pid SOME_VALUE;
debug1: new_socket: type = SOCKET
debug2: fd 3 setting O_NONBLOCK
debug1: new_socket: type = CONNECTION
debug3: fd 4 is O_NONBLOCK
debug1: process_message: socket 1 (fd=4) type 25
debug2: process_add_identity: entering
debug1: parse_key_constraint_extension: constraint ext sk-provider@openssh.com
debug1: process_add_identity: add sk-ssh-ed25519@openssh.com SHA256:KEY_HASH "KEY_COMMENT" (life: 0) (confirm: 0) (provider: /path/to/libsk-libfido2.so)
debug1: new_socket: type = CONNECTION
debug3: fd 4 is O_NONBLOCK
debug1: process_message: socket 1 (fd=4) type 11
debug2: process_request_identities: entering
debug1: process_message: socket 1 (fd=4) type 13
debug1: process_sign_request2: entering
Confirm user presence for key ED25519-SK SHA256:KEY_HASH
process_sign_request2: sshkey_sign: unknown or unsupported key type
User presence confirmed
Manually installing OpenSSH from a third party (such as MacPorts/Homebrew, or simply building it from source code) works, but third-party OpenSSH can't read passwords stored in Keychain.
Does the bundled OpenSSH disable hardware key support at build time? Advice most appreciated. Thank you!
Post not yet marked as solved
When I am coding my app, the first line of my code says that there is an error due to "expressions are not allowed at the top level". Can somebody please help me?
Post not yet marked as solved
Hello everyone,
I need to prevent the "Settings" and "Files" apps from being opened on iPhones/iPads. In my scenario, an iPhone/iPad device can be used by more than one person. So I want a disable/hide mechanism so those users cannot open the Files and Settings apps on the device. How can I achieve that programmatically or by other means?
Post not yet marked as solved
Hello everyone,
I need to delete all SMS messages on iPhones/iPads. In my scenario, an iPhone/iPad device can be used by more than one person. So I want to delete all SMS messages on the device that belong to the previous user. How can I achieve that programmatically or by other means?
Post not yet marked as solved
Hello everyone,
I need an automation to log out the Apple ID from iPhones/iPads. In my scenario, an iPhone/iPad device can be used by more than one person. So I want to log out the Apple account on the device that belongs to the previous user, so the new user cannot see the previous user's account. How can I achieve that programmatically or by other means?
Post not yet marked as solved
Hello, I have an Apple TV whose UDID is 44 characters, and I am trying to add it to Devices on the developer portal.
https://developer.apple.com/account/resources/devices/list
When I do it through fastlane I get the error:
"errors" : [ {
"id" : "2ee5f5ff-3f1b-4867-b56f-a35e18f403e6",
"status" : "409",
"code" : "ENTITY_ERROR.ATTRIBUTE.INVALID",
"title" : "An attribute in the provided entity has invalid value",
"detail" : "An invalid value '********************************************' was provided for the parameter 'udid'."
} ]
}
When I do it manually from the Developer portal, the device is submitted, but in the process the last 4 digits are cut from the UDID so only 40 pass, and the device is recognised as an iPod.
Do you know how I can add this device to the Device list?
Post not yet marked as solved
Hello,
I am trying to supervise a device that has been used for a period of time. I do not want to lose any of the data on the device. I do not have Apple School or Business Manager. How can I supervise the device without any data loss? Thanks.