Device Management

Allow administrators to securely and remotely configure enrolled devices using Device Management.

Posts under Device Management tag

168 Posts
Post marked as solved
1 Replies
332 Views
I'm trying to implement ACME managed device attestation. I have ACME server code written in C# and I've been able to get all of the steps working except for the very last one - issuing the certificate. So far I have not been able to get the device to accept the certificate; the device logs show:

    Got certificate {length = ......}
    ACME request flow failed at step 9: Error Domain=NSOSStatusErrorDomain Code=-67673 "failed to obtain certificate" UserInfo={NSLocalizedDescription=failed to obtain certificate}

The certificate is issued by an internal CA and the correct root certificate is in the device's trusted certs. I have tried returning the certificate chain as a file response or content response to the device as an "application/pem-certificate-chain" MIME type (as outlined as the default in the ACME RFC), returning just the leaf certificate as PEM, and returning the leaf certificate as DER with MIME type "application/pkix-cert", "application/pkcs7-mime", "application/x-pkcs12" or "application/x-x509-ca-cert", but none of this has worked.

Can anyone point me in the right direction to figure out what the issue is?

Posted by afoxon.
Post not yet marked as solved
1 Replies
247 Views
The new profile added to manage the cellular private network is not getting installed on the device end - https://developer.apple.com/documentation/devicemanagement/cellularprivatenetwork?changes=_9

When we try to install the profile we get these error messages.

    {'Status': 'Error',
     'CommandUUID': '556d4936-7514-4121-af8d-3f0bf855a9e6',
     'ErrorChain': [
         {'ErrorCode': 4001, 'ErrorDomain': 'MCInstallationErrorDomain', 'USEnglishDescription': 'Profile Installation Failed', 'LocalizedDescription': 'Profile Installation Failed'},
         {'ErrorCode': 4001, 'ErrorDomain': 'MCInstallationErrorDomain', 'USEnglishDescription': 'Profile Failed to Install', 'LocalizedDescription': 'Profile Failed to Install'},
         {'ErrorCode': 1009, 'ErrorDomain': 'MCProfileErrorDomain', 'USEnglishDescription': u'The profile \u201cprivate network policy\u201d could not be installed.', 'LocalizedDescription': u'The profile \u201cprivate network policy\u201d could not be installed.'},
         {'ErrorCode': 4001, 'ErrorDomain': 'MCInstallationErrorDomain', 'USEnglishDescription': u'The payload \u201cPrivate Mobile Networks\u201d could not be installed.', 'LocalizedDescription': u'The payload \u201cPrivate Mobile Networks\u201d could not be installed.'}],
     'UDID': '00008101-001E1DCA3A81001E'}

Posted by _kvnryn.
Post not yet marked as solved
0 Replies
377 Views
Hi Team,

We have Apple's OS update for Mac machines in our fleet, where some Macs are Silicon, previously at 14.2.1, and we are updating them to 14.3 using the ScheduleOSUpdate command with the InstallAction key set to Default. We have also set a restriction with the keys forceDelayedSoftwareUpdates set to true and enforcedSoftwareUpdateDelay set to 1, for updating at the earliest.

FYI, these machines are already FileVault encrypted and also have an admin user.

After restart, we can see that the device automatically boots to Recovery Mode asking for a "Recovery Key" to continue. Even when we have given the personal recovery key, or tried to unlock the disk using the admin user's credentials in Startup Disk, things are not working.

FYI, the machine asked for the Bootstrap Token after the ScheduleOSUpdate command, and the MDM gave it in response.

Can we please know where the issue is and why this behaviour is occurring?
Post not yet marked as solved
2 Replies
441 Views
Hello Apple Community,

We encountered an issue during the installation of an app via DDM (Declarative Device Management) on iOS 17.3 devices. When applying an app configuration and managed app list status event through declarative management, the configuration is successfully applied, but the configured app is not being installed on the device. Upon closer inspection, we have identified that the error "ManagedAppDistribution.ManagedAppDistributionError" is being logged during this process.

My Configuration:

    {
      "Type": "com.apple.configuration.app.managed",
      "Identifier": "com.mdm.1740e623-4361-498d-af02-b433500d58bd.ManagedAppDDM",
      "ServerToken": "1706282674113",
      "Payload": {
        "AppStoreID": "361309726",
        "InstallBehavior": {
          "License": { "VPPType": "Device" },
          "Install": "Required"
        }
      }
    }

    {
      "Type": "com.apple.configuration.management.status-subscriptions",
      "Identifier": "com.mdm.9c70c80f-406a-425a-8829-1025652f05c6.ManagedAppListStatus",
      "ServerToken": "1706282673976",
      "Payload": {
        "StatusItems": [
          { "Name": "app.managed.list" },
          { "Name": "mdm.app" },
          { ... }
        ]
      }
    }

DDM Response:

    {
      "StatusItems": {
        "management": {
          "declarations": {
            "activations": [
              { "active": true, "identifier": "DEFAULT_ACT_0", "valid": "valid", "server-token": "1706282674113" }
            ],
            "configurations": [
              { "active": true, "identifier": "DEFAULT_STATUS_CONFIG_0", "valid": "valid", "server-token": "3" },
              { "active": true, "identifier": "com.mdm.1740e623-4361-498d-af02-b433500d58bd.ManagedAppDDM", "valid": "valid", "server-token": "1706282674113" },
              { "active": true, "identifier": "com.mdm.9c70c80f-406a-425a-8829-1025652f05c6.ManagedAppListStatus", "valid": "valid", "server-token": "1706282673976" }
            ],
            "assets": [],
            "management": []
          }
        }
      },
      "Errors": [
        {
          "Reasons": [
            {
              "Code": "ManagedAppDistribution.ManagedAppDistributionError.0",
              "Description": "The operation couldn’t be completed. (ManagedAppDistribution.ManagedAppDistributionError error 0.)"
            }
          ],
          "StatusItem": "app.managed.list"
        }
      ]
    }

Note: The ManagedAppDistribution framework extension appears to not be implemented in this context. Kindly help us with this issue. Thanks in advance.

Posted by Sithick.
Post not yet marked as solved
1 Replies
288 Views
Please tell me about the NotNow status returned by the MDM command for Apple devices.

◾️I would like to check

I am aware that there are some MDM commands that return a status NotNow when the device is locked and the command cannot be executed. I am aware of InstallProfileCommand and SecurityInfoCommand.

https://developer.apple.com/documentation/devicemanagement/installprofilecommand
https://developer.apple.com/documentation/devicemanagement/securityinfocommand

Please answer the following two questions.

◾️Question

I would appreciate an answer with the official name of the command and the URL of the command's reference, if possible.

Question 1
Please tell us if there are commands other than InstallProfileCommand and SecurityInfoCommand that return status NotNow because the command cannot be executed if the terminal is locked.

Question 2
Please tell us if any of the following commands return the status NotNow because the command cannot be executed if the terminal is locked.

DeviceConfiguredCommand
AvailableOSUpdatesCommand
ScheduleOSUpdateCommand
OSUpdateStatusCommand
Post not yet marked as solved
0 Replies
292 Views
I need help pairing an Apple Watch to a Supervised iPhone with MDM. I need to know which Apple bundle ID is the one responsible for the connection. By now the watch does pair with the iPhone, but some of the apps don't appear on the Apple Watch though I've already allowed those bundles in my MDM. Thank you!

Posted by isach.
Post marked as solved
1 Replies
355 Views
Hi all,

I'm trying to uninstall FortiClient on a MacBook with an M1/M2 processor using a script from this article: https://community.fortinet.com/t5/FortiClient/Technical-Tip-Uninstall-FortiClient-using-a-script-on-...

I only added two lines to change flags. Here is my script:

    #!/bin/sh
    # Uninstall FortiClient.sh

    # Stop the running FortiClient processes and unload its launch daemons
    pkill FortiClient
    pkill FortiClientAgent
    pkill FctMiscAg
    launchctl unload /Library/LaunchDaemons/com.fortinet*

    # Added lines: clear the system immutable flag before removing the apps
    chflags -hv noschg /Applications/FortiClient.app
    chflags -hv noschg /Applications/FortiClientUninstaller.app

    # Remove the applications, support files and launch daemon plists
    rm -Rfv /Applications/FortiClient.app
    rm -Rfv /Applications/FortiClientUninstaller.app
    rm -Rfv /Library/Application\ Support/Fortinet
    rm -Rfv /Library/Internet\ Plug-Ins/FortiClient_SSLVPN_Plugin.bundle
    rm -Rfv '/Library/LaunchDaemons/com.fortinet.forticlient.vpn.plist'
    rm -Rfv '/Library/LaunchDaemons/com.fortinet.forticlient.wf.plist'
    rm -Rfv '/Library/LaunchDaemons/com.fortinet.forticlient.fmon.plist'
    rm -Rfv '/Library/LaunchDaemons/com.fortinet.forticlient.epctrl.plist'
    rm -Rfv '/Library/LaunchDaemons/com.fortinet.forticlient.appfw.plist'
    rm -Rfv '/Library/LaunchDaemons/com.fortinet.forticlient.fssoagent_launchdaemon.plist'

    # Remove per-user support files for local accounts (UID above 500)
    localAccounts=$(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }')
    for user in $localAccounts ; do
        rm -Rfv /Users/"$user"/Library/Application\ Support/Fortinet/
    done

But I got an error that deleting FortiClient.app and FortiClient.app\Content is not permitted, because the application is locked. At this time, FortiClientUninstaller.app has been deleted successfully:

    chflags: /Applications/FortiClient.app: Operation not permitted
    /Applications/FortiClientUninstaller.app

and

    rm -Rfv /Applications/FortiClient.app
    rm: /Applications/FortiClient.app/Contents: Operation not permitted
    rm: /Applications/FortiClient.app: Operation not permitted

Could someone help me with this issue, please? I need to uninstall FortiClient using a script via MDM on multiple devices.
Post not yet marked as solved
1 Replies
284 Views
Hello, Dear Engineers

I have distributed a management profile from Apple Configurator to my terminal with reference to the following document:
https://developer.apple.com/documentation/devicemanagement/cellularprivatenetwork

Situation:
We tested the device in an environment where both Wi-Fi and cellular connections were available, and Wi-Fi seemed to have priority in the operation. This is because CellularDataPreferred, which is set in the distributed management profile, is enabled, I would like cellular to be given priority. I am using iPhone 15 (iOS 17.1.2).

Question:
・Is there anything else missing besides the Profile Example to make CellularPrivateNetwork's Device Management Profile work properly?
・Has anyone confirmed that CellularPrivateNetwork's Device Management Profile works correctly?

Best regards

Posted by RYO_Oo.
Post not yet marked as solved
1 Replies
236 Views
Hi!

https://developer.apple.com/documentation/devicemanagement/applayervpn

I have a question about AssociatedDomains in the AppLayerVPN reference above. From the description, I believe that this property triggers the VPN when the app is launched with a universal link and connects to the domain specified in AssociatedDomains. Is that correct in your understanding?

I specified "twitter.com" as a test, and the VPN was not triggered when the universal link was executed from Safari, etc. How can I make a VPN connection with the domain connection specified in the AssociatedDomains property? If you could please let us know with some real life examples. I will pass on your thanks in advance. Thanks.

Posted by fumikazu.
Post not yet marked as solved
6 Replies
1.7k Views
When attempting to renew a certificate after December 18, 2023, an error may be displayed, preventing the renewal of the certificate. It seems that repeating the process multiple times can occasionally lead to success, indicating that there is no issue with the CSR file. This occurrence has been observed in multiple MDM services, including Intune, Workspace ONE, and various other MDM vendors, suggesting a malfunction with Apple's servers. We hope that this issue will be promptly resolved and fixed.

Although unrelated to the previous issue, when pressing "Manage Certificates," it redirects back to the login screen instead of returning to the certificate list page. Please fix this so that it returns to the certificate list page.
Post not yet marked as solved
1 Replies
339 Views
https://developer.apple.com/documentation/managedappdistribution

As stated in the above documentation, to use this framework, the app should have the following entitlement enabled: "The Managed App Installation UI entitlement is required to use this framework." But it is not found in the developer portal. Are there any other requirements Apple will expect in order to use this entitlement? Any help will be appreciated.
Post not yet marked as solved
0 Replies
295 Views
I maintain an iOS and Apple TV app that share a bundle ID. We recently updated our Apple TV app to version 5 but iOS remains at version 4.6.6. However, when you view the App Store Preview page it only shows the iOS version history and version number. Example: https://apps.apple.com/us/app/trilbytv-player/id674488346?platform=appleTV

I believe this also has a knock-on effect for MDM systems, as we are aware of an issue where Jamf may not be able to allow Apple TV devices to update to v5 as the app store data it uses reports the iOS version number, not the platform-specific version.

Posted by dombarnes.
Post not yet marked as solved
0 Replies
236 Views
We have an existing version of a mobile app in the App Store. This app was written in Ionic version 2.2, more than 4 years back. To improve user experience and to add helpful features, we re-wrote the app in React Native. We are planning to release this new version in 2024.

We want a recommendation on how to release the new version in a controlled way to a selected few users only. We will have a specific target audience for the new version, not random sampling (so we can't use the phased release option). User selection will be driven by a database.

Constraints as follows.
- Old app is frozen. It's very difficult to change anything in it.
- We do not have MDM. It’s a public facing app.
- We should be able to control who gets which version of the app.
- We should be able to roll back to the old app if needed.

We are trying to bundle both apps in a container app which will route the user to the old or new version of the app (within the same bundle). Has anyone done anything like this before? If not, do you see any technical difficulties with the approach either during coding or during App Store review?
Post not yet marked as solved
0 Replies
298 Views
I'm encountering a strange issue with PPPC configuration files and app visibility in Security & Privacy for standard users on the latest macOS version.

The Scenario:
I created a PPPC file granting accessibility and screen recording permissions for my app.
I deployed the PPPC file to devices using MDM.
Surprisingly, the app doesn't appear under Security & Privacy > Privacy > Screen Recording or Accessibility for standard users.
However, if I remove the PPPC file, the app instantly shows up in those locations.

What I've Tried:
Double-checked the PPPC file syntax and permissions configuration.
Redeployed the PPPC file and verified successful installation on devices.
Restarted devices and re-registered the MDM profile.

The Impact:
This issue prevents standard users from granting my app the necessary permissions through the standard system interface. They require admin intervention to grant permissions manually, which is inconvenient and not ideal for our workflow.

Seeking Help:
I'm reaching out to the community for any insights or suggestions on resolving this issue. Has anyone encountered a similar problem with PPPC files and standard user permissions? Any advice or potential solutions would be greatly appreciated!
Post not yet marked as solved
1 Replies
449 Views
I registered a Mac as a device in apple-developer using a third-party UID for collaboration, but the Mac cannot be selected when creating a provisioning profile. And they say udid and uuid are the same. Why is that? The third party's Mac has been updated to Ventura OS using Open Core patcher.
Posted by dev_mk.
Post not yet marked as solved
0 Replies
308 Views
Push notification for PWA apps is supported on iOS >= 16.4. I want to restrict app usage using the Restriction payload of a configuration profile. Formerly we could do it by defining a restriction like this (actually via MDM):

    <key>whitelistedAppBundleIDs</key>
    <array>
        <string>com.apple.webapp</string>
    </array>

However, on iOS >= 17.0, the notification setting of the PWA app has disappeared!! Without the restriction payload, or with the restriction payload without whitelistedAppBundleIDs, the notification setting for the PWA app is shown as expected.

Also, we discovered that the issue can be avoided by adding com.apple.WebKit.PushBundle.xxxxxx into the restriction payload.

    <key>whitelistedAppBundleIDs</key>
    <array>
        <string>com.apple.webapp</string>
        <string>com.apple.WebKit.PushBundle.7880D99FB56F4FF7B5DC019E0EDBCBD0</string>
    </array>

com.apple.WebKit.PushBundle.7880D99FB56F4FF7B5DC019E0EDBCBD0 can be found in the console log using Apple Configurator. However, it cannot be found via an MDM command (e.g. InstalledApplicationList). We want to configure and install the restriction payload on multiple devices via MDM.

So how can we know the com.apple.WebKit.PushBundle.xxxxxx via MDM? Or how can we enable push notification settings for PWA apps with the restriction payload?

Thank you
Post not yet marked as solved
0 Replies
510 Views
I'm encountering challenges deploying two unlisted applications via MDM to an iOS 17.2 device. The first app successfully installed after presenting a user prompt upon distribution.

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>CommandUUID</key>
        <string>InstallApplication</string>
        <key>Command</key>
        <dict>
            <key>RequestType</key>
            <string>InstallApplication</string>
            <key>iTunesStoreID</key>
            <integer>**********</integer>
            <key>InstallAsManaged</key>
            <true/>
            <key>ManagementFlags</key>
            <integer>5</integer>
            <key>ChangeManagementState</key>
            <string>Managed</string>
        </dict>
    </dict>
    </plist>

Device response for the first app:

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>CommandUUID</key>
        <string>InstallApplication</string>
        <key>Identifier</key>
        <string>*********************</string>
        <key>State</key>
        <string>Prompting</string>
        <key>Status</key>
        <string>Acknowledged</string>
        <key>UDID</key>
        <string>XXXXXXXXXXXX</string>
    </dict>
    </plist>

However, deploying the second app resulted in an error message from the device.

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>CommandUUID</key>
        <string>InstallApplication</string>
        <key>Command</key>
        <dict>
            <key>RequestType</key>
            <string>InstallApplication</string>
            <key>iTunesStoreID</key>
            <integer>**********</integer>
            <key>InstallAsManaged</key>
            <true/>
            <key>ManagementFlags</key>
            <integer>5</integer>
            <key>ChangeManagementState</key>
            <string>Managed</string>
        </dict>
    </dict>
    </plist>

Device response for the second app:

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>CommandUUID</key>
        <string>InstallApplication</string>
        <key>ErrorChain</key>
        <array>
            <dict>
                <key>ErrorCode</key>
                <integer>9610</integer>
                <key>ErrorDomain</key>
                <string>ASDServerErrorDomain</string>
                <key>LocalizedDescription</key>
                <string>License not found.</string>
            </dict>
        </array>
        <key>RejectionReason</key>
        <string>NotSupported</string>
        <key>Status</key>
        <string>Error</string>
        <key>UDID</key>
        <string>XXXXXXXXXXX</string>
    </dict>
    </plist>

Can you confirm that iOS devices support deployment of unlisted apps without VPP app assignment?
Post not yet marked as solved
2 Replies
478 Views
When we try to push a blueprint for MDM over Wi-Fi to an Apple TV it fails, but over the cable it works properly. After pushing the blueprint over Wi-Fi, the device gets rebooted and goes through the setup steps; at the end we don't see the step for Mobile Device Management.

I'm attaching a sample Profile we attach to the blueprint and a screenshot of the Blueprint configuration.

Posted by _kvnryn.
Post not yet marked as solved
0 Replies
262 Views
I tried the new feature of iOS 17.2, com.apple.configuration.app.managed.

A configuration and its activation are defined with data like this.

    {
      "Identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
      "Type": "com.apple.configuration.app.managed",
      "Payload": {
        "InstallBehavior": {
          "Install": "Required",
          "License": { "VPPType": "Device" }
        },
        "BundleID": "com.microsoft.Office.Powerpoint"
      },
      "ServerToken": "..."
    }

After distributing the configuration with the DeclarativeManagement MDM command, an error is notified via the status channel app.managed.list.

    {
      "active": true,
      "identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
      "valid": "valid",
      "server-token": "21b95e4cb0b616a3ac77a5905ed08756fa36f605ad1a30a9bd347a4a8092532c"
    },
    "app": {
      "managed": {
        "list": [
          {
            "state": "failed",
            "declaration-identifier": "389459bf-0902-58dd-be0e-11c83c695a8b",
            "identifier": "com.microsoft.Office.Powerpoint",
            "name": "Microsoft PowerPoint",
            "reasons": [
              { "code": "Error.LicenseNotFound" }
            ]
          },

After the VPP license for the app was assigned, I tried to issue the DeclarativeManagement command again. However, the iOS device doesn't fetch the configuration because it is not changed. App installation is not retried even after the valid license is assigned.

How can we trigger a retry of the installation?

Thank you