Hello, We have an internal enterprise app. After the provisioning profile (certificate) expired, some employees' iPhones still retained the old certificate when updating the app, causing the app to fail to open. We’ve tried restarting and reinstalling the app, but the issue persists. Having each employee manually reset network or device settings would be too operationally costly. Since this involves a large number of devices, we cannot use Apple Configurator to remove and reinstall certificates one by one. Therefore, we’d like to ask if there is a more efficient, batch-oriented solution to quickly resolve the certificate residue issue. We’d appreciate any suggestions for large-scale deployment methods. Thank you very much!

I originally posted here & was referred to post in developer forumsn. https://discussions.apple.com/thread/256036430?login=true&sortBy=rank&answerId=261319559022 There has to be someone else out here that's gone through this. I've tried everything I can think of, forums, reddit, Microsoft documentation.... just can't find any clear cut method of doing this. I'm working on an InTune Mobile App Protection Policy. I know there are going to be some VPs out there asking why they can't use native iOS Apps, especially Apple Calendar, Contacts & Mail. I have not been able to get anywhere, I always end up with this error. Things I've tried: Allow sync of native apps with work account Putting in app exemptions (But I don't truly know if I know if I have the right values for this and there's no simple way of getting it from what I've seen. Having to download app to PC, finding config files, finding specific values.... that people say are hit or miss). Allow data transfer of ALL Apps What am I missing here? I'm pretty much giving up and just going to say sorry, you can't use Native apps.. Period! Anyone have any experience with this, especially for Mail, Calendar & Contacts? Thank you for anyone that can offer advice on this.

Hi. I am writing a little MDM application. Despite the basic task (add a password for 'remove profile' button in settings), it seems I am stuck with a problem: When I try to enroll my device with enrollment.mobileconfig file, Apple Configurator app, I receive an error The profile “Enrollment Profile” could not be installed because it is invalid. Make sure the profile is valid and try installing it again. The original architecture of my .mobileconfig contains of two payloads (com.apple.security.scep , com.apple.mdm), and it works correctly. However, when I try to add a third payload of com.apple.profileRemovalPassword , I receive the error stated above. From logs collected on iPhone, here's what was found : Failed to parse profile data. Error: NSError: Desc : The profile “Enrollment Profile” is invalid. Sugg : A profile containing an MDM payload must be removable. US Desc: The profile “Enrollment Profile” is invalid. US Sugg: A profile containing an MDM payload must be removable. Domain : MCProfileErrorDomain Code : 1000 Type : MCFatalError Params : ( "Enrollment Profile" ) ...Underlying error: NSError: Desc : A profile containing an MDM payload must be removable. US Desc: A profile containing an MDM payload must be removable. Domain : MCProfileErrorDomain Code : 1000 Type : MCFatalError Extra info: { isPrimary = 1; } My main dictionary contains HasRemovalPasscode Also, I have tried playing around with PayloadRemovalDisallowed setting it to true and false, however, I keep getting the same error message. There is also a second error produced: Profile MCConfigurationProfile, version 1: Display Name: “Enrollment Profile” Description : “***” Identifier : *** UUID : *** Organization: *** Is Stub : No Locked : Yes Removal passcode present Encrypted : No Trusted : 0 Signed : No Device Type : 0 Payloads: Payload MCSCEPPayload, version 1 Description : “***” Identifier : *** UUID : *** Type : com.apple.security.scep Display name: *** Organization: *** Payload MCMDMPayload, version 1 Description : “***” Identifier : *** UUID : *** Type : com.apple.mdm Organization: *** Payload MCRemovalPasswordPayload, version 1 Identifier : com.examp Can't parse profile: <decode: missing data> The code for com.apple.profileRemovalPassword is taken from apple documentation (https://developer.apple.com/documentation/devicemanagement/profileremovalpassword) I have also tried the automatic way - creating it from Apple Configurator, so it is correct in terms of syntax 100%. Several important notes: Creating a fresh new profile with just password removal protection single payload allows to perform a download of the profile If I comment out the whole com.apple.mdm payload block, I will be able to download this profile on iPhone also The com.apple.mdm block is also valid by itself, and works correctly I have tried implementing other types of "dummy" payloads - for example com.apple.dock <dict> <key>PayloadType</key> <string>com.apple.dock</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.example.test.dock</string> <key>PayloadUUID</key> <string>22222222-3333-4444-5555-666666666666</string> <key>PersistentApps</key> <array/> </dict> And everything worked out fine. So my hypothetical conclusion out of these four notes might be in some type of interconnection between mdm and profileRemovalPassword, which isn't really listed anywhere? Or am I missing something ? Thank you in advance.

Hello All, I am currently attempting to get application config working with enterprise apps but it seems as though the asset config is not applying at all. While the asset and application install correctly it does not seem that the config is read at all judging from the status message returned. "StatusItems" : { "app" : { "managed" : { "list" : [ { "name" : "apps", "config-state" : { "app-config-state" : { "state" : "unknown" } }, "identifier" : "app.identifier", "version" : "3.2", "short-version" : "3.2.0", "state" : "managed", "declaration-identifier" : "dec-identifier" } ] } } }, "Errors" : [ ] } The asset file being sent down is as follows: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Config 1</key> <string>Value 1</string> <key>Config 2</key> <string>Value 2</string> <key>Config 3</key> <string>Value 3</string> </dict> </plist> This is the config report being sent back by the device after everything has been fetched: "StatusItems" : { "management" : { "declarations" : { "activations" : [ { "active" : true, "identifier" : "group.activation.payload", "valid" : "valid", "server-token" : "56792E4AE25C3286640B45E6BD265AE97545B2B87F90A6355919FD8B2E3C3AB3" } ], "configurations" : [ { "active" : true, "identifier" : "app.install", "valid" : "valid", "server-token" : "34D7ACECAE16EE9EEAC0630FF2FF85524FFBB5BA3CB18CFB6296FBC860368C85" }, { "active" : true, "identifier" : "ios.policy.subscription.list", "valid" : "valid", "server-token" : "376913E11BE7D26EC745B3B68C6FA94C4FC061B1B736D143EBE0F12FF73ADFF8" } ], "assets" : [ { "active" : true, "identifier" : "app.config.reference", "valid" : "valid", "server-token" : "1CFBE30EB56309005F742D667B80242E6A3CDC08ED228D0BC5F87749C6BBAB77" } ], "management" : [ ] } }, "app" : { "managed" : { "list" : [ { "state" : "downloading", "declaration-identifier" : "app.install", "identifier" : "app.identifier", "name" : "apps", "config-state" : { "app-config-state" : { "state" : "unknown" } } } ] } } }, "Errors" : [ ] } Additional info would be useful, though a sysdiagnosis will be submitted to feedback as well. Config did apply correctly when sending down through Install application command

My company signed the application with enterprise certificate, the Provisioning Profile expired on March 20, 2025. Some iPhones didn't update the application before the expiration. We have update the Provisioning Profile and repackaged application. However, these iPhones still can't use the application after reinstalling the new ipa. After opening the application, the screen is blank and then flashes back without any error prompt. Restarting iPhone didn't help.

short version question: why some users after deleting and downloading back my in-house app, cannot start the new process for approving developer, but instead it tries to start and then crashes immediately? long question version I am maintaining an in-house distributed enterprise app. due to update in iOS 18 update here users need to trust the developer via a new procedure that involves restarting device and inserting the phone code. after thousands (more or less 30.000) of users with no issue at all, some of them has this problem, the old (expired)trust seems to be persistent and never updated. Standard events a user deletes the app via settings > general > VPN & device management or via classic persistent touch procedure checks no other presence of the app is on the device via spotlight. since it is the only app with "MyDeveloperName" on the phone, if users goe back to VPN & device management screen, no app or developer will be present. user downloads new version of the app. If taps directly on the icon there is a system alert with says the developer must be trusted. a this point in settings > general > VPN & device management you can find a line with developer name, tapping on it we find a screen where user finds a white button with BLUE message "authorize MyDeveloperName" and follows procedure. My issue is that some users get following different behavior, and I do not understand why: ❌ tapping on downloaded app icon: no alert, but app tries to start then crashes. ❌ going in VPN & device management screen there is only RED write button "delete app" in both paths, working and not working, the app results "verified" in VPN & device management screen (Apple says old authorizations are preserved.)

I found a new Payload attribute LegacyAppConfigAssetReference in AppManaged introduced in iOs 18.4 beta. So I tried it, however no configuration is discoverted in the installed app. -- configuration { "Identifier": "8c2af0b6-5ae0-5927-a1cd-bab5e4148bb8", "Type": "com.apple.configuration.app.managed", "Payload": { "InstallBehavior": { "Install": "Required", "License": { "Assignment": "Device", "VPPType": "Device" } }, "AppStoreID": "535886823", "LegacyAppConfigAssetReference": "ac35558f-aefc-5faf-8f64-1faaff993b96" }, "ServerToken": "2abdc89492d89ca1a213ca61318ae0651c2b8de660c2847a44a3fb8ad9d9a8ad" } -- declaration/asset/ac35558f-aefc-5faf-8f64-1faaff993b96 { "Identifier": "ac35558f-aefc-5faf-8f64-1faaff993b96", "Type": "com.apple.asset.data", "Payload": { "Reference": { "DataURL": "https://i3-oreore-ios-mdm.azurewebsites.net/asset_files/eyJpZCI6IjNkOTg2YWVjNzQ1MWJiYWZlZjJmZGU1NmZmYmJlYjdkLnBsaXN0Iiwic3RvcmFnZSI6InN0b3JlIiwibWV0YWRhdGEiOnsiZmlsZW5hbWUiOiJFbmNvZGVkQ2hyb21lUG9saWN5RXhhbXBsZS5wbGlzdCIsInNpemUiOjMyMjUsIm1pbWVfdHlwZSI6ImFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSJ9fQ", "ContentType": "application/plist" } }, "ServerToken": "7433f7c0c991a1943636ff7bd8949e88738c684ecbde347ac8a9c5b5c19dda14" } -- And the data type of the managed app configuration is application/plist http https://i3-oreore-ios-mdm.azurewebsites.net/asset_files/eyJpZCI6IjNkOTg2YWVjNzQ1MWJiYWZlZjJmZGU1NmZmYmJlYjdkLnBsaXN0Iiwic3RvcmFnZSI6InN0b3JlIiwibWV0YWRhdGEiOnsiZmlsZW5hbWUiOiJFbmNvZGVkQ2hyb21lUG9saWN5RXhhbXBsZS5wbGlzdCIsInNpemUiOjMyMjUsIm1pbWVfdHlwZSI6ImFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSJ9fQ HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=31536000 Content-Length: 3225 Content-Type: application/plist Date: Tue, 18 Mar 2025 22:59:40 GMT X-Content-Type-Options: nosniff <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC '-//Apple//DTD PLIST 1.0//EN' 'http://www.apple.com/DTDs/PropertyList-1.0.dtd'> <plist version="1.0"> <dict> <key>EncodedChromePolicy</key> <string>PD94bWwgdmVyc2lvbj0iMS4wIiA/PjwhRE9DVFlQRSBwbGlzdCAgUFVCTElDICctLy9BcHBsZS8vRFREIFBMSVNUIDEuMC8vRU4nICAnaHR0cDovL3d3dy5hcHBsZS5jb20vRFREcy9Qcm9wZXJ0eUxpc3QtMS4wLmR0ZCc+PHBsaXN0IHZlcnNpb249IjEuMCI+PGRpY3Q+PGtleT5BdXRvRmlsbEVuYWJsZWQ8L2tleT48ZmFsc2UvPjxrZXk+Q29va2llc0FsbG93ZWRGb3JVcmxzPC9rZXk+PGFycmF5PjxzdHJpbmc+aHR0cDovL3d3dy5leGFtcGxlLmNvbTwvc3RyaW5nPjxzdHJpbmc+WyouXWV4YW1wbGUuZWR1PC9zdHJpbmc+PC9hcnJheT48a2V5PkNvb2tpZXNCbG9ja2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Db29raWVzU2Vzc2lvbk9ubHlGb3JVcmxzPC9rZXk+PGFycmF5PjxzdHJpbmc+aHR0cDovL3d3dy5leGFtcGxlLmNvbTwvc3RyaW5nPjxzdHJpbmc+WyouXWV4YW1wbGUuZWR1PC9zdHJpbmc+PC9hcnJheT48a2V5PkRlZmF1bHRDb29raWVzU2V0dGluZzwva2V5PjxpbnRlZ2VyPjE8L2ludGVnZXI+PGtleT5EZWZhdWx0UG9wdXBzU2V0dGluZzwva2V5PjxpbnRlZ2VyPjE8L2ludGVnZXI+PGtleT5EZWZhdWx0U2VhcmNoUHJvdmlkZXJFbmFibGVkPC9rZXk+PHRydWUvPjxrZXk+RGVmYXVsdFNlYXJjaFByb3ZpZGVyS2V5d29yZDwva2V5PjxzdHJpbmc+bWlzPC9zdHJpbmc+PGtleT5EZWZhdWx0U2VhcmNoUHJvdmlkZXJOYW1lPC9rZXk+PHN0cmluZz5NeSBJbnRyYW5ldCBTZWFyY2g8L3N0cmluZz48a2V5PkRlZmF1bHRTZWFyY2hQcm92aWRlclNlYXJjaFVSTDwva2V5PjxzdHJpbmc+aHR0cDovL3NlYXJjaC5teS5jb21wYW55L3NlYXJjaD9xPXtzZWFyY2hUZXJtc308L3N0cmluZz48a2V5Pk1hbmFnZWRCb29rbWFya3M8L2tleT48YXJyYXk+PGRpY3Q+PGtleT5uYW1lPC9rZXk+PHN0cmluZz5Hb29nbGU8L3N0cmluZz48a2V5PnVybDwva2V5PjxzdHJpbmc+Z29vZ2xlLmNvbTwvc3RyaW5nPjwvZGljdD48ZGljdD48a2V5Pm5hbWU8L2tleT48c3RyaW5nPllvdXR1YmU8L3N0cmluZz48a2V5PnVybDwva2V5PjxzdHJpbmc+eW91dHViZS5jb208L3N0cmluZz48L2RpY3Q+PC9hcnJheT48a2V5PlBhc3N3b3JkTWFuYWdlckVuYWJsZWQ8L2tleT48dHJ1ZS8+PGtleT5Qb3B1cHNBbGxvd2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Qb3B1cHNCbG9ja2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Qcm94eUJ5cGFzc0xpc3Q8L2tleT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZTEuY29tLGh0dHA6Ly93d3cuZXhhbXBsZTIuY29tLGh0dHA6Ly9pbnRlcm5hbHNpdGUvPC9zdHJpbmc+PGtleT5Qcm94eU1vZGU8L2tleT48c3RyaW5nPmRpcmVjdDwvc3RyaW5nPjxrZXk+UHJveHlQYWNVcmw8L2tleT48c3RyaW5nPmh0dHA6Ly9pbnRlcm5hbC5zaXRlL2V4YW1wbGUucGFjPC9zdHJpbmc+PGtleT5Qcm94eVNlcnZlcjwva2V5PjxzdHJpbmc+MTIzLjEyMy4xMjMuMTIzOjgwODA8L3N0cmluZz48a2V5PlNlYXJjaFN1Z2dlc3RFbmFibGVkPC9rZXk+PHRydWUvPjxrZXk+VHJhbnNsYXRlRW5hYmxlZDwva2V5Pjx0cnVlLz48a2V5PlVSTEJsYWNrbGlzdDwva2V5PjxhcnJheT48c3RyaW5nPmV4YW1wbGUuY29tPC9zdHJpbmc+PHN0cmluZz5odHRwczovL3NzbC5zZXJ2ZXIuY29tPC9zdHJpbmc+PHN0cmluZz5ob3N0aW5nLmNvbS9iYWRfcGF0aDwvc3RyaW5nPjxzdHJpbmc+aHR0cDovL3NlcnZlcjo4MDgwL3BhdGg8L3N0cmluZz48c3RyaW5nPi5leGFjdC5ob3N0bmFtZS5jb208L3N0cmluZz48L2FycmF5PjxrZXk+VVJMV2hpdGVsaXN0PC9rZXk+PGFycmF5PjxzdHJpbmc+ZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPmh0dHBzOi8vc3NsLnNlcnZlci5jb208L3N0cmluZz48c3RyaW5nPmhvc3RpbmcuY29tL2JhZF9wYXRoPC9zdHJpbmc+PHN0cmluZz5odHRwOi8vc2VydmVyOjgwODAvcGF0aDwvc3RyaW5nPjxzdHJpbmc+LmV4YWN0Lmhvc3RuYW1lLmNvbTwvc3RyaW5nPjwvYXJyYXk+PC9kaWN0PjwvcGxpc3Q+</string> </dict> </plist> Please note that this example plist is the same content as is described here: https://www.chromium.org/administrators/ios-mdm-policy-format/ After applying the declaration, the app GoogleChrome is successfully installed but no managed app configuration seems applied. MDMAppManagement.plist in the sysdiagnose is like below: plutil -p logs/MCState/Shared/MDMAppManagement.plist { "metadataByBundleID" => { "com.google.chrome.ios" => { "Attributes" => { "Removable" => 0 } "flags" => 1 "source" => "Declarative Device Management" "state" => 7 } "com.microsoft.skype.teams" => { "Attributes" => { "Removable" => 0 } "flags" => 1 "source" => "Declarative Device Management" "state" => 7 } } } I also tried with our private apps and not applied... How can we use this feature or check the configuration is applied? Thank you,

I applied over a month ago and haven't heard back to the Apple Small Business Program. What should I do to speed things up?

We intend to sell in india markets. In india our tax compliance is GSTIN which is also highlighted in your "Provide tax information for alternative payment options" section. We will not be making any sale outside India and hence are not liable for any tax compliance or withholding of tax outside india. Please guide us on how we should fill the tax forms.

Last year I used the iOS Distribution Managed Certificate (Enterprise Program) to sign an App and to distribute it internally. The Cert is still valid until May 2026. But its associated Provisiong Profile (which is not visible in the Apple Portal, but within Xcode when you export your archive) expired last week. Until then it was impossible for me to somehow force renew the profile and that lead to the fact that my app was not usable for a day, because the renewal was done after the expiration of the old one. Whats the whole point of the managed signing if can't influence the provisioning update. To be clear: I don't speak about the certificate - just about the profile. Or am I using it wrong?

Hi, Is there a method to hide individual items in System Settings that is not Deprecated? It needs some of the settings set and hidden for the end user. I found the DisabledSystemSettings key however it is marked as Deprecated and does not include all the new items, especially those related to Apple Intelligence. Is there any method other than “Restrictions” that does not hide and only set individual settings ? It needs to hide items in system settings :)

On google it's showing with in 24 for developer enrollment now waiting for 4th day no update at all

Recently, we have encountered some users who have been unable to open the enterprise signature application after upgrading to version 18.3.2, without an IPS file. Through system logs, we found that signature verification has occurred SecKeyVerifySignature failed: Error Domain=NSOSStatusErrorDomain Code=-50 "rsa_pub_crypt failed, ccerr=-7" UserInfo={numberOfErrorsDeep=0, NSDescription=rsa_pub_crypt failed, ccerr=-7} Waiting for the information, I will provide the obtained system logs below. The application package name that crashed is com. mobile. moa aa.txt new

Hi Team, After agreeing the Paid In-app purchase agreements, i have been asked to fill the tax forms of US Certificate of foreign status of beneficial owner and US substitute form W-8BEN-E. Being an Indian Ed-tech company, we would like to know how should we approach this. Any help or support page or video on this can make our life easier. Thanks Team ACEplus.

Hello Developers, We are encountering a consistent Kernel Panic issue on an iPhone device after sending a "Clear Passcode" command via our MDM solution. We're looking for insights or confirmation if others have experienced similar behavior. Device & Environment Details: Device: iPhone13,2 (iPhone 12 Pro) OS Version: iPhone OS 18.3.2 (Build 22D82) (Please note this appears to be a future/beta build identifier) Action Triggering Panic: Sending MDM ClearPasscode command. Roots Installed: 0 (Device is not jailbroken) Incident ID: 4B41C0AE-EE93-4051-BEE4-AB98438C10F0 Panic Log Summary: The kernel panic log clearly indicates the issue originates from the Secure Enclave Processor (SEP). The key panic string is: panic(cpu 3 caller 0xfffffff02357bc1c): SEP Panic: :sks /sks : 0x1000b15fc 0x0003ad60 0x0003ad44 0x100028698 0x10002cae4 0x10002a908 0x10002bc10 0x100045330 [hgggrhlvs] Panic app vers: 1827.80.10 Panic app UUID: 4C066E88-EB93-33C3-BCA7-C5F5474831CC ... Root task vers: AppleSEPOS-2772.80.2 Root task UUID: A39D6C5D-D07D-33EE-85A3-9105A8D93CE2 ... sks /sks 0x329cc/0x326e0/0x1314131413141314 ert/BOOT Use code with caution. The SEP Panic and reference to :sks /sks strongly suggest an issue within the Secure Key Store subsystem of the SEP. The panic occurred on CPU core 3. The kernel backtrace points to the com.apple.driver.AppleSEPManager kernel extension as the immediate caller in the main kernel that initiated the panic process after receiving the signal from the SEP. Analysis/Interpretation: Based on the log, it appears that the MDM ClearPasscode command, which necessarily interacts with the SEP's Secure Key Store via the AppleSEPManager driver, triggered an internal fault or bug within the SEP firmware (AppleSEPOS). This SEP-level panic subsequently caused the main iOS kernel to panic. Questions: Has anyone else encountered similar SEP panics, specifically involving the SKS subsystem, particularly after issuing MDM commands like ClearPasscode on iOS 18.x builds (especially 18.3.2 / 22D82)? Is this a known issue in this specific iOS/SEP firmware version? Are there any suggested workarounds for clearing passcodes via MDM on affected devices/OS versions, or any further diagnostic steps recommended? We appreciate any insights or shared experiences the community might have on this issue. Thank you.

Hello, I am currently attempting to use declarative management to install enterprise application, however I am running into errors. Initially the device was failing to unpac the initial manifest it downloaded. After pulling logs from the device it was revealed that the manifest must include the bundle-version for it to parse as valid. Adding this has allowed for the ipa to be fetched from the server however there is a secondary issue. The application is on the device but is unable to be opened due to the device being unable to validate its integreti. Any additional information would be useful. For completion the working manifest will be pasted below. It should be noted that the manifest below does work when requesting application installs through MDM commands. <***> <items type="array"> <dict> <assets type="array"> <dict> <kind type="string">software-package</kind> <url type="string">https://domain/web/mdm/ios/enterpriseipa/bundle.id</url> </dict> </assets> <key type="dict" name="metadata"> <bundle-identifier type="string">bundle.id</bundle-identifier> <kind type="string">software</kind> <subtitle type="string">app</subtitle> <title type="string">app</title> <bundle-version type="string">x.x.x</bundle-version> </key> </dict> </items> </***> </plist>

how to contact 酷

I have created a configuration profile which basically just turns off notifications for Shortcuts app but I am unable to install it on my iPhone as I am getting the following error “This profile can be installed on a supervised device only” can someone please help me with this? Would also appreciate if you have another way to turn off shortcuts notifications permanently since when I turn it off via screen time it keeps turning itself ON every couple of days.

Our organization is deploying passwordless authentication. Instead of using a password, employees must use the Microsoft Authenticator app to complete the login process. Unfortunately, employees with passwordless authentication can't complete the login on the Wi-Fi Captive portal with SAML authentication. The reason is that when an employee switches to the Microsoft Authenticator app, the Apple CNA (Apple Network Captive Assistant) disappears. As a result, the authentication process breaks. According to the https://developer.apple.com/news/?id=q78sq5rv source, iOS 14+ devices support the RFC-8908 standard. Unfortunately, we couldn't find a reliable source on how this feature works on iOS devices. The question is: Is it possible to automatically forward Wi-Fi clients to the SAML authentication portal in the default browser app (for example, Safari) after connecting an employee to Wi-Fi?

Hi I am trying to develop Apple MDM solution as a vendor. I got the Vendor certificate from apple developer portal. When I was trying to generate the csr and upload to Portal (https://identity.apple.com/pushcert/) It says Invalid Certificate Signing Request. I had also tried to follow documentation (https://developer.apple.com/documentation/devicemanagement/setting-up-push-notifications-for-your-mdm-customers) but still the same error. Can anyone please guide how to generate the csr.