Ref- https://support.apple.com/en-in/guide/deployment/dep3b4cf515/web When we deploy an Payload with identifier "com.apple.airprint" , It will add the deployed printer configurations to printers list in mac. Which additionally needs the mac user to add it from Settings -> Printers -> Add Printer -> (Deployed Printer Configuration will be listed here) Select the printer -> Click Add . Screenshot where user need to add it manually after profile association is attached below. Now the Printer is available to be used ,when an share option in any document is clicked. Why this flow requires multiple to and fro. Can it be able to deploy the printer straight to Printers available List instead of manually adding from the above screenshot

How to create python environment in Xcode

The same problem encountered with iOS 17 beta 1 and beta 2 is back: Unable to create a secure connection to the server ("bad certificate format" -9,808).

Hello, at our school we are using a kerberos proxy. Now we will introduce ipads. In my tests I have set this proxy in wifi settings. On next internet connection I was asked for my account credentials. After that I had full access to internet with ALL apps. Obviously ios has set up a network relay which handles the kerberos authentication for the while device. I have searched for documentation on this topic, but you will find only docs for kerberos with SSO and per app tickets. Do someone has hints for this? Especially where are the password for the kerberos authentication stored on the ipad - it is not the same as in the wifi proxy settings! With regards, Helge

We have purchase but status still pending, please how to complete membership to active

I have the following setup: Managed domain (pdfforge.org) Managed app (Dropbox) with Files app integration. This can also occur with the following setup: A custom browser is installed as managed (ex Firefox) No managed domains Managed app (Dropbox) with Files app integration. Trying to upload a file from Dropbox in this managed domain by clicking on the Dropbox folder causes the folder to disappear and instead I am rerouted to the On My Phone directory. On subsequent tries, sometimes the folder opens and I can see the files, but while scrolling the files disappear. This makes it unable to upload any files from Dropbox to this managed domain. If both the managed app and domains are not set up, then everything works normally. Is this happening to everyone else? I also tried with Nextcloud and Google Drive.

We have an enterprise app for which one of the Users is facing the below error. Unable to verify app Internet connection is required to verify trust of the developer "<Enterprise_distribution_Profile>". This app will not be available until verified. What could be the reason behind this error as only one user is facing the issue. Is there a way to fix it.

We're implementing an MDM system and would like to know if we can get the type of CPU for an enrolled device, I know we can use IsAppleSilicon from the Device Information command but it would be good to know if it's an M1, M2, M3 etc. We can implement a mapping of product name to CPU type, e.g. Mac16,1 has an M4 chip but this would mean ongoing maintenance that we'd prefer to avoid. Is there a public web API (ideally first-party provided by Apple) that can be used to lookup details of a device by product name or similar? Slightly related is the Declarative Device Management documentation for StatusDeviceModelMarketingName offers an alternative of: use device.model.configuration-code to look up the marketing name through the web API but doesn't mention which web API.

On devices running iOS 18+, when a web app kiosk policy is pushed via an MDM and the device is restarted. The touch screen doesn't respond on the device. So the device is currently in a brick state. Since we can't enter the password we can't get the logs from the device and it is even hard to recover the device. On restart the device isn't connecting to the internet so it isn't possible to remove the kiosk policy as well. This only happens on devices running iOS 18+ and with web app kiosk profile.

I created a mobileconfig file on our self-developed MDM server and used Apple Configurator with a USB cable to prepare the device. However, the profile installation failed and show the mdm payload is invalid must to be removed. I suspect that the issue might be related to the CA (Certificate Authority) in the configuration, even though I have provided the ROOT SSL CA and the .p12 file. What CA file should I include in the mobileconfig to resolve this issue? using Apple Configurator to edit the mobileconfig file, but the MDM service is no longer displayed. How should I handle this

We have a development where we are MDM managing iOS devices and attempting to enforce mutual TLS for all interactions with the MDM. We are DEP provisionng an enrolment profile that utilises an ACME hardware attested Device Identity Certificate. All interactions with the MDM endpoints are correctly utilising the ACME certificate for the client mutual TLS handshake. The certificate has Client Authentication Extended Key Usage. Behind the same API gateway and on the same SNI we are also serving paths to Enterprise application manifests and IPAs. We can see from the phone log and from packet traces the iOS device doesn't offer the Device Identity Certificate for client authentication when retrieving these URLs. We have also tried adding non ACME client certificates from the root trusted by the server to the initial profile with exactly the same outcome. If we temporarily disable the mutualTLS we can see that the request for the manifest has a userAgent of "com.apple.appstored/1.0 iOS/18.2 model/iPhone17,3 hwp/t8140 build/22C5125e (6; dt:329) AMS/1" which is not the same as the mdm interactions. Is it actually possible to achieve mutualTLS to authenticate these downloads or is a different solution required ? Any advice greatly appreciated.

Quick question, when I make money from any third-party ad network I have running in my app (Google AdMob, for example), does Apple take a share of that?

We provide a MDM product. In our product, payloads and properties which require supervision display those requirements. Two properties forcePreserveESIMOnErase and allowWebDistributionAppInstallation of the restriction payload don’t require a supervised device according to the descriptions in Apple Developer Documentation. However, in our observation, those properties seem to require it. Are those OS bugs or documentation errors? (In which category should I submit a feedback?) Steps to reproduce Prepare a supervised device (I used an iPhone 12 mini with iOS 18.1) and a configuration profile contains the following restrictions: <!-- Does not require a supervised device --> <key>allowDiagnosticSubmission</key> <false/> <!-- Requires a supervised device --> <key>allowESIMModification</key> <false/> <!-- Does not require a supervised device according to its description --> <key>allowWebDistributionAppInstallation</key> <false/> <!-- Does not require a supervised device according to its description --> <key>forcePreserveESIMOnErase</key> <true/> Then, Install the profile with Apple Configurator. Confirm 4 restrictions are shown in Settings > General > VPN & Device Management > PayloadDisplayName > Restrictions. Punch Settings > General > Transfer or Reset iPhone > Erase All Content and Settings, to unsupervise. Install the profile with Apple Configurator. It cannot be installed automatically because the device was not supervised. Manually install the downloaded profile. Check Settings > General > VPN & Device Management > PayloadDisplayName > Restrictions. Expected results 3 restrictions—allowDiagnosticSubmission, allowWebDistributionAppInstallation and forcePreserveESIMOnErase—are shown. Actual results Only one restriction—allowDiagnosticSubmission—is shown. Appendix: Restriction keys and their restricted message shown in Settings allowESIMModification: eSIM modification not allowed forcePreserveESIMOnErase: Preserve eSIM on erase enforced allowWebDistributionAppInstallation: Web app distribution not allowed allowDiagnosticSubmission: Diagnostic submission not allowed

Hey Community! I am seeking your help. I have tried Apple Support but to no avail. I know they are busy with a lot of requests, understandable. I previously had my personal developer account (which I used to use for building apps). But then I started my own consultancy/business. Now I want to create apps for my organization. From what I understood from their guidelines: 1/ Create a new individual account with your organization. 2/ Somehow link it to an organization account using DUNS number, etc. I am still stuck at point 1 because it doesn't verify my personal ID (could this be because it is linked to my old personal account). Can someone walk me through the process of creating an organization account?

I am trying to create a DNS over HTTPS and DNS over TLS server that requires authentication with a client certificate and configure it in the Device Management Profile for use from the iPhone. I have set the PayloadCertificateUUID in DNSSettings, but it appears that the client certificate is not being used. Is there anything I should check in advance when using a p12 file with PayloadCertificateUUID? Configuration Profile <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadType</key> <string>Configuration</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>295E68E5-39F0-46D1-94E4-4A49EC8392E2</string> <key>PayloadIdentifier</key> <string>com.example.dns</string> <key>PayloadDisplayName</key> <string>My DNS</string> <key>PayloadRemovalDisallowed</key> <false/> <key>PayloadContent</key> <array> <dict> <key>PayloadType</key> <string>com.apple.dnsSettings.managed</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>4CCEE94D-7B72-46AB-87AD-5A368F937339</string> <key>PayloadIdentifier</key> <string>com.example.dns.names</string> <key>PayloadDisplayName</key> <string>My DNS</string> <key>PayloadDescription</key> <string>DNS Settings</string> <key>PayloadCertificateUUID</key> <string>07A96080-5FAE-4026-937D-F578530E1444</string> <key>DNSSettings</key> <dict> <key>DNSProtocol</key> <string>TLS</string> <key>ServerName</key> <string><!-- my DoT server name --></string> </dict> <key>ProhibitDisablement</key> <false/> </dict> <dict> <key>PayloadType</key> <string>com.apple.security.pkcs1</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>260CC26A-2DD1-4B16-B8C0-AF1E655576AD</string> <key>PayloadIdentifier</key> <string>com.example.certs.intermediate-ca</string> <key>PayloadDisplayName</key> <string>Intermediate CA</string> <key>PayloadDescription</key> <string>Intermediate CA</string> <key>PayloadCertificateFileName</key> <string>ca-chain.cert.cer</string> <key>PayloadContent</key> <data><!-- contents of Intermediate CA certificate --></data> </dict> <dict> <key>PayloadType</key> <string>com.apple.security.root</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>E5DB74AA-3C5F-470B-AAE0-DF072095A2EC</string> <key>PayloadIdentifier</key> <string>com.example.certs.root-ca</string> <key>PayloadDisplayName</key> <string>Root CA</string> <key>PayloadDescription</key> <string>Root CA</string> <key>PayloadCertificateFileName</key> <string>ca.cert.cer</string> <key>PayloadContent</key> <data><!-- contents of Root CA certificate --></data> </dict> <dict> <key>PayloadType</key> <string>com.apple.security.pkcs12</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>07A96080-5FAE-4026-937D-F578530E1444</string> <key>PayloadIdentifier</key> <string>com.example.certs.client.iseebi</string> <key>PayloadDisplayName</key> <string>Client Certificate</string> <key>PayloadDescription</key> <string>Client Certificate</string> <key>Password</key> <string><!-- password of p12 --></string> <key>PayloadCertificateFileName</key> <string>Key.p12</string> <key>PayloadContent</key> <data><!-- contents of p12 --></data> </dict> </array> </dict> </plist> iPhone console log Connection 3742: enabling TLS Connection 3742: starting, TC(0x0) Connection 3742: asked to evaluate TLS Trust Connection 3742: TLS Trust result 0 Connection 3742: asked for TLS Client Certificates Connection 3742: issuing challenge for client certificates, DNs(1) Connection 3742: asked for TLS Client Certificates Connection 3742: received response for client certificates (-1 elements) Connection 3742: providing TLS Client Identity (-1 elements) Connection 3742: providing TLS Client Identity (-1 elements) Connection 3742: connected successfully Connection 3742: TLS handshake complete Connection 3742: ready C(N) E(N) Connection 3742: received viability advisory(Y) Connection 3742: read-side closed Connection 3742: read-side closed Connection 3742: read-side closed Connection 3742: cleaning up Connection 3742: done server log (stunnel) LOG5[9]: Service [dns] accepted connection from <IP> LOG6[9]: Peer certificate required LOG7[9]: TLS state (accept): before SSL initialization LOG7[9]: TLS state (accept): before SSL initialization LOG7[9]: Initializing application specific data for session authenticated LOG7[9]: SNI: no virtual services defined LOG7[9]: OCSP stapling: Server callback called LOG7[9]: OCSP: Validate the OCSP response LOG6[9]: OCSP: Status: good LOG6[9]: OCSP: This update: 2024.12.06 08:32:00 LOG6[9]: OCSP: Next update: 2024.12.13 08:31:58 LOG5[9]: OCSP: Certificate accepted LOG7[9]: OCSP: Use the cached OCSP response LOG7[9]: OCSP stapling: OCSP response sent back LOG7[9]: TLS state (accept): SSLv3/TLS read client hello LOG7[9]: TLS state (accept): SSLv3/TLS write server hello LOG7[9]: TLS state (accept): SSLv3/TLS write change cipher spec LOG7[9]: TLS state (accept): TLSv1.3 write encrypted extensions LOG7[9]: TLS state (accept): SSLv3/TLS write certificate request LOG7[9]: TLS state (accept): SSLv3/TLS write certificate LOG7[9]: TLS state (accept): TLSv1.3 write server certificate verify LOG7[9]: TLS state (accept): SSLv3/TLS write finished LOG7[9]: TLS state (accept): TLSv1.3 early data LOG7[9]: TLS state (accept): TLSv1.3 early data LOG7[9]: TLS alert (write): fatal: unknown LOG3[9]: SSL_accept: ssl/statem/statem_srvr.c:3510: error:0A0000C7:SSL routines::peer did not return a certificate LOG5[9]: Connection reset/closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket LOG7[9]: Deallocating application specific data for session connect address LOG7[9]: Local descriptor (FD=10) closed LOG7[9]: Service [dns] finished (0 left)

I have private certificate authority. Root &gt; Intermediate &gt; Leaf. When I install the Root Certificate, it shows in Settings &gt; General &gt; About &gt; Certificate Trust Settings in iOS 18.1.1 However, when I install the Intermediate Certificate (including the CA Bundle), the Intermediate CA Certificate is not shown in the Certificate Trust Settings. All my leaf certificates are issued by the Intermediate CA. Is this a bug? If not, how can this be solved? TIA!

is it possible to push app updates in Single App Mode via Intune?

Is there a way for our app to deny Apple ID users from logging into the app if the Apple ID is not specifically managed by Apple School Manager? This would allow only students to be able to use the app. Basically is there a way for us to know if an Apple ID was created by Apple School Manager?

I work with https://developer.apple.com/documentation/devicemanagement/activationlockrequest?language=objc. The same codes work well on other devices, such as iphone, ipad, mac air. What causes? What can i do to resovle it?

A profile that contains setting of allowVPNCreation is false was installed duiring activation in my requirements. The iOS version is 18. AllowVPNCreation is first, setting the app's network is second, the app can't use network. Setting the app's network is first, AllowVPNCreation is second, the app works well. For example: Scene 1 Step 1: Install a profile that contains a setting where allowVPNCreation is false during activation. Step 2: Complete activation and enter the main screen. Step 3: Tap App Store, the screen displays network unavailable, needs to be set in Setting. Step 4: Open the network setting for App Store, but still closed.And the network settings for other apps are all closed; Step 5: Remove the profile. Step 6: After a minute, opening the network setting for App Store is work. Result: AllowVPNCreation effects app's newtork after entering the system for the first time. It don't happen below iOS 18. Scene 2 Step 1: The app's network setting is ok. Step 2: Install a profile that contains a setting where allowVPNCreation is false. Result: No effect。The same result below iOS 18. Is this a bug or new features, how to handle？