We install two in-house apps. The first app is installed using the standard in-house method, while the second app is installed via MDM commands. Both apps share the same Team ID and use Keychain sharing to exchange data. However, when the MDM profile is deleted and the second app is removed, the first app intermittently encounters issues and does not function properly. However, when the MDM mobileconfig is reinstalled and the second app is installed again, the first app that was not functioning starts working properly. We have thoroughly reviewed the logs but have not been able to find a solution. Your assistance would be greatly appreciated. We have extracted and attached the device logs that were generated during the error occurrence. log.log

Three months ago I molded a mold program. I believe could be tweaked and tried unlined zero code. swear. anyway I would like to scale with some people if I can go to commercial area code phoned series and calls.and if I have rights. but my next moves for them. on iOS I think they should have a seri settings. where they can call seri.on settings, and it jump many codes-and navigation is hard. plus I think seri can help in settings expecially since seri settings is verbal drop. if the words fit or are similar it cues goes to but you have to hard call the switch.so there’s no hey no Sami where you setting no Sammy right I think it could skip cauldron and everything verbally either. Seri settings I think iOS should try it.

Hi guys, I need to configure a VPN to work only for specific apps. I already have a supervised iPhone, and I’ve successfully configured the VPN, but right now it applies to the whole phone. I need it to work just for some apps. I tried using both Apple Configurator and iMazing, but I can’t find this option there.

Hi Apple Team & Community, The new Introduction of Platform SSO during ADE Enrollment is Great And we tried implementing this. As a Rule mentioned in the Documentation Initially MDM Server should send 403 response with Response Body adhering to ErrorCodePlatformSSORequired when HTTP Header for MachineInfo request contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true There are contradictory claims mentioned in Document, In Process Platform SSO Required Response it is mentioned that MDM Server should send body as JSON Object for ErrorCodePlatformSSORequired Example below >>>>> Response HTTP/1.1 403 Forbidden Content-Type: application/json Content-Length: 558 { "code": "com.apple.psso.required", "description": "MDM Server requires the user to authenticate with Identity Provider - BY MEMDM", "message": "The MDM server requires you to authenticate with your Identity Provider. Please follow the instructions provided by your organization to complete the authentication process - BY MEMDM", "details": { "Package": { "ManifestURL": "https://platform-sso-node-server.vercel.app:443/manifest" }, "ProfileURL": "https://platform-sso-node-server.vercel.app:443/profile", "AuthURL": "https://platform-sso-node-server.vercel.app:443/auth" } } But in the same Document a Sample HTTP Response was Provided but seems to be XML format as below >>>>> Response HTTP/1.1 403 Forbidden Content-Type: application/xml Content-Length: 601 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Code</key> <string>com.apple.psso.required</string> <key>Details</key> <dict> <key>ProfileURL</key> <string>https://mdmserver.example.com/psso.mobileconfig</string> <key>Package</key> <dict> <key>ManifestURL</key> <string>https://mdmserver.example.com/psso-app.plist</string> </dict> <key>AuthURL</key> <string>https://idp.example.com/authenticate</string> </dict> </dict> </plist> From Github I assume that both Response Types are welcomed hence I tried with Both Followed in JSON Mode, I redirected the HTTP request if MachineInfo contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true to https://platform-sso-node-server.vercel.app/redirectedDEPJSON Followed in XML Mode, I redirected the HTTP request if MachineInfo contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true to https://platform-sso-node-server.vercel.app/redirectedDEPXML In both Response Modes OS is not proceeding after and a error Stating Enrollment with Management Server Failed , Forbidden request (403) appears Can someone kindly guide on where I missed, or is this any OS Bug in Tahoe 26?

I'm currently implementing a managed app using the new AppConfig specification. I referred to Apple's official documentation: Specifying and decoding a configuration. Based on the example provided in the "Publish your configuration specification" section, I structured my application configuration plist like this: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>configuration</key> <dict> <key>account</key> <dict> <key>username</key> <string>test user</string> <key>password</key> <string>test 123</string> </dict> <key>domain</key> <string>test example.com</string> </dict> </dict> </plist> When I deployed this configuration via my MDM server, the server reported valid for the activation, configuration and asset (which is the plist), but the configuration did not reflect or apply within my app. My app was unable to retrieve these settings. After some troubleshooting, I found that removing the top-level <key>configuration</key> wrapper resolved the issue. The following plist structure successfully pushed the configuration to my app: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>account</key> <dict> <key>username</key> <string>test user</string> <key>password</key> <string>test 123</string> </dict> <key>domain</key> <string>test example.com</string> </dict> </plist> My question is: Is the inclusion of the <key>configuration</key> wrapper (as shown in the Apple documentation example) incorrect for the current AppConfig implementation? Or is this structure intended for a future release (e.g., iOS 26 or beyond) and the documentation implicitly refers to it, causing confusion for current implementation? Any clarification would be greatly appreciated! Thank you!

I found that "search" endpoint is recently added to api.ent.apple.com : https://developer.apple.com/documentation/devicemanagement/get-catalog-search-results However it seems we cannot find custom apps using this API even with sToken. Is it not suppoted yet? Thank you

We have an office application used internally within our enterprise. The Provisioning Profiles (PP) for the app were about to expire, so we updated the PP and released a new version. However, we've encountered an issue where some users did not update their phones in time. After the app expired, they found it unusable and downloaded the new version, but the newly downloaded app also crashes on launch. Restarting the phone does not resolve the issue, and this primarily occurs on iOS 18.3.2. What could be the cause of this problem, and how should we address it?

Can anyone walk me through on how to generate QR code for payment and send invoices?

Hi everyone, I’m working as an IT engineer in the cruise industry and need to troubleshoot passenger complaints about Apple’s new RCS messaging feature (introduced with iOS 18). Could someone help confirm which domains and ports iPhones use when they send RCS messages? My firewall team wants specifics: domains (or subdomains) that need whitelisting and the ports involved. Any official or community-sourced info would be super helpful—thanks in advance!

Hi everyone, I’m working as an IT engineer in the cruise industry and need to troubleshoot passenger complaints about Apple’s new RCS messaging feature (introduced with iOS 18). Could someone help confirm which domains and ports iPhones use when they send RCS messages? For the fortigate and palo alto firewalls I need specifics: domains (or subdomains) that need whitelisting and the ports involved. Any official or community-sourced info would be super helpful—thanks in advance!

Hello All, I am currently developing a mobile management system using declarative management and for the most part it is pretty great. There is one consistent issue I have run into and it comes when testing VPP app installs with not enough licenses. When my server detects that it can't provide a license ID it will return a 404, which causes the rest of the DM syncing to stop, and the activation to throw an error. Per the documentation for using simple activation: An array of strings that specify the identifiers of configurations to install. A failure to install one of the configurations doesn’t prevent other configurations from installing The above would imply that if a config fails it should not affect anything else (aside from possibly reporting an error. Am I returning the wrong error code for it to continue or is the behavior correct and the documentation is wrong? Any additional info would be useful

I work at a school in NYC and have a software idea that could better support the new NYC phone ban law than current market options (i.e. Yondr pouches). Right now at my school, students and staff scan a QR code upon entering the building to indicate that they are in the building. They scan again on the way out to indicate they've left the building. This is super helpful for attendance, particularly in emergency situations (fire drills, etc). Imagine if when students scanned their QR code, it also activated an app similar to Opal or ScreenZen, but with an admin preset whitelisted apps. The idea is that this app would default deny access to all apps on students' phones except the admin preset whitelisted ones such as Phone, Calculator, etc. Depending on the age/needs of the student, other apps like Spotify, or medical apps could also be whitelisted. My question is -- is this idea possible to create? We would need admin preset controls to create the preset whitelist. We can't have students picking their own restrictions, as we know most would opt to not restrict at all. We would need an admin dashboard so teachers/admin can see which students have activated the app in the building, and which may be trying to sneakily avoid it. We would ideally need to be able to whitelist both system apps like Phone and Calculator, as well as non-system apps such as Spotify (and medical apps -- we have some students who manage/monitor their Diabetes with an app). I don't have a background in software. I'm a math and health teacher. I've experimented with trying to have friends who majored in CS to create this app for me, but they've all either struggled/lost interest. So I'm also looking for a business partner in this venture. If anyone has any guidance here, it would be so helpful! My boss (Head of School) is super interested in this idea and significantly prefers it to every other alternative that he has encountered. The problem is this idea does not exist yet! Note: I know this is a super similar idea to the app and product "Brick". Notably, though, Brick does not have the ability for admin preset controls, or the admin dashboard. We reached out to the company to see if they're create this for us and they said it's a back burner idea that they're aware of, but it's not a priority for them right now. Thank you for any guidance!

The MDM was installed correctly and other commands are working fine. I have tried to send the InstallProfile with custom configuration to the device, but it was displayed as not signed. How to sign the payload for InstallProfile command and where it should be included in the payload / command? The payload I sent to a mac with MDM installed: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Payload</key> <data> BASE64_HERE </data> <key>RequestType</key> <string>InstallProfile</string> </dict> </plist> Decoded base64 from the payload above was: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadContent</key> <dict> <key>com.example.myapp</key> <dict> <key>test_key</key> <string>test_value</string> </dict> </dict> <key>PayloadDisplayName</key> <string>My App Configuration</string> <key>PayloadIdentifier</key> <string>com.org_name.mdm.profile.uq_id_here</string> <key>PayloadType</key> <string>com.apple.ManagedClient.preferences</string> <key>PayloadUUID</key> <string>UUID4 HERE</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDisplayName</key> <string>App Configuration Profile</string> <key>PayloadIdentifier</key> <string>com.example.myapp.config</string> <key>PayloadOrganization</key> <string>ORG NAME</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>ANOTHER UUID4 HERE</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist> System logs from Device: [*] Processing server request: InstallProfile for: <Device> [ERROR] System keychain reported it is unavailable but will proceed as if it is. [*] === CPF_InstallProfile === com.example.myapp.config (user: <Computer>) (source: 'MDM') [*] >>>>> Sending HTTP request (PUT) [Acknowledged(InstallProfile) [*] <<<<< Received HTTP response (200) [Acknowledged(InstallProfile) [*] Processing server request: ProfileList for: <Device> [*] >>>>> Sending HTTP request (PUT) [Acknowledged(ProfileList) [*] <<<<< Received HTTP response (200) [Acknowledged(ProfileList) Also the ProfileList didn't include the installed profile. Is it because it was unsigned? How it should be signed?

I have a simple organization-info declaration that contains the following: "Identifier": "com.example.declaration.org-info", "Payload": { "Email": "info@example.com", "Name": "Example Organization Info", "URL": "http://example.com" }, "ServerToken": "c23b40ca47b11420", "Type": "com.apple.management.organization-info" } And an activation that includes the org-info declaration: "Identifier": "com.example.activation.org-info", "Payload": { "StandardConfigurations": [ "com.example.declaration.org-info" ] }, "ServerToken": "5f6c37a6a0c44e35", "Type": "com.apple.activation.simple" } When I check the status of the declaration, I see the following error: "StatusItems": { "management": { "declarations": { "activations": [ { "reasons": [ { "details": { "Identifier": "com.example.activation.org-info", "ServerToken": "5f6c37a6a0c44e35", "ConfigurationIdentifiers": "com.example.declaration.org-info" }, "description": "Activation (com.example.activation.org-info:5f6c37a6a0c44e35) is missing configurations.", "code": "Error.MissingConfigurations" } ], "active": false, "identifier": "com.example.activation.org-info", "valid": "valid", "server-token": "5f6c37a6a0c44e35" } ], "configurations": [], "assets": [], "management": [ { "active": false, "identifier": "com.example.declaration.org-info", "valid": "valid", "server-token": "542fded47e432de3" } ] } } }, "Errors": [] } I'm not seeing the error in either the activation or the declaration that might throw this error. Does anyone have any insight?

I created a provisional profile from apple developer portal for my iOS app. The expiry date shown in the profile is 21-April 2026. However, when I build the app with this provisional profile the expiry date shown in the app is 11 Dec, 2025. My iOS distribution certificate expires only in November 2026. I see a embeded.mobileprovision profile inside the app, and it has an expiry of 11-Dec-2025. I did a clean build,, cleared unnecessary profiles from profile folder, created a new provisional profile and tried, but nothing seems help. We have a few apps, and no other app has this issue. We do annual release of all apps together for provisional profile renewal. As this app expiry is different, it will cause lot of difficulty for us next year. Will you please help me to resolve this issue? Thanks.

A profile that contains setting of allowVPNCreation is false was installed duiring activation in my requirements. The iOS version is 18. AllowVPNCreation is first, setting the app's network is second, the app can't use network. Setting the app's network is first, AllowVPNCreation is second, the app works well. For example: Scene 1 Step 1: Install a profile that contains a setting where allowVPNCreation is false during activation. Step 2: Complete activation and enter the main screen. Step 3: Tap App Store, the screen displays network unavailable, needs to be set in Setting. Step 4: Open the network setting for App Store, but still closed.And the network settings for other apps are all closed; Step 5: Remove the profile. Step 6: After a minute, opening the network setting for App Store is work. Result: AllowVPNCreation effects app's newtork after entering the system for the first time. It don't happen below iOS 18. Scene 2 Step 1: The app's network setting is ok. Step 2: Install a profile that contains a setting where allowVPNCreation is false. Result: No effect。The same result below iOS 18. Is this a bug or new features, how to handle？

When clicking Upload for the CSR file, there is no APNS certificate available for download. Instead, the portal redirects to https://www.apple.com/filenotfound MDM Push Certificates are critical for the operation of managed devices, if they expire, all devices will have to be reenrolled creating a catastrophic event for all the customers devices. Please review and given how critical this service for renewing certificates is for your customers, please also make sure it is always available without downtimes. Let me know if you need more details, Thank you, Sergio

Is a student from a postgraduate course eligible to participate in the Apple Swift Student Challenge?

this issue is posted on Community multiple times. I am here out of desperation after opening a case on IT support. when a user fills out their application, uploads resume - all of that info is saved. however, when you click "submit," the button does not work. I (along w/tons of other ppl) have tried all the usual remedies: clear cache, try different browsers, try different networks, try different devices - NOTHING WORKS. this is maddening b/c it is affecting my life and career. this is an urgent need. it is also disappointing that there is no tech support for the Careers site! this was confirmed by IT support today, they could not find anything and sent me here instead. please help! I was an apple contractor last year and want to come back but can't even submit my application.

I have an MDM supervised device with an installed managed app, that activates a content-filter solution to filter traffic system-wide. Is it possible in any way for the user to install a third party content-filter app that would somehow overtake the control of content filtering from my app? I'm asking this because I've tested such a case with my another test content-filter solution and it takes control over content filtering from my content-filter – I think this is possible only because my device is in developer mode, but I'm not entirely sure, and I need a confirmation that it would not be possible to happen in an end used environment.