Hello, I’m facing an issue while trying to add iOS devices to Apple Business Manager (ABM) using Apple Configurator during enrollment. When going through the setup process, the device fails to complete enrollment and times out. I’ve tried it multiple times. The device does appear in ABM during the process and I am able to assign it to different MDM servers but since the setup times out and fails, the device is automatically released. I have tried this with multiple iOS devices and it times out on every single one of them. Steps attempted: Factory reset and re-enrollment of the device Ensured network connectivity is stable and tested on multiple Wi-Fi networks Tried the following process using Apple Configurator on Mac (wired): Created a Wi-Fi profile in Configurator Connected the iPhone via cable and used Prepare (manual configuration) Used the “MDM server” placeholder and trusted anchors (as recommended) Linked the device to the ABM organization Skipped Setup Assistant steps Attached the Wi-Fi profile, then prepared and wiped the device Verified that the device should appear in ABM Attempted to assign the device to my MDM in ABM Despite these checks, the enrollment process times out. I’m attaching a screenshot of the error for reference. Could someone advise what might be causing this timeout or how I can further troubleshoot this? Any guidance would be greatly appreciated. Thanks in advance.

Details: Device: iPhone 12 Pro Max System: iOS 26.1 beta 2 Issue Description: When testing MDM device restriction capabilities on iOS 26.1 beta 2, I found that the allowCamera restriction does not work as expected. Observed Behavior: • On a BYOD device: When allowCamera is set to false, the Camera and FaceTime apps disappear from the Home Screen, as expected. However, third-party apps (such as WeChat) can still access the camera and take photos. • On earlier versions (e.g. iOS 26.0.1): Setting allowCamera to false correctly blocks all apps, including third-party apps, from accessing the camera. Initially, I assumed Apple might have changed this restriction behavior so that allowCamera only applies to supervised devices. However, after testing on supervised devices, I found that even there, when allowCamera is set to false, the Camera and FaceTime apps are hidden, but third-party apps can still use the camera. This indicates that the restriction is not functioning correctly in iOS 26.1 beta 2. Expectation: When allowCamera is set to false, all camera access — including third-party apps — should be blocked. Request: Could someone from Apple’s development or MDM team confirm whether this is an expected behavior change or a potential bug in iOS 26.1 beta 2?

It's a great platform to grow your knowledge. Apple Teacher

I desperately need help with this issue. Are there any known issues regarding MDM profiles not installing on iPhone 17? Too many cases are being reported.

I am checking the response of DeviceInformation Command to collect network information from iPad. On iPad(iPad Pro 11, M4) devices that use WiFi without inserting Usim or Esim, network values ​​such as CurrentMCC and ICCID are received in response to the DeviceInformation command. cf.)Even though it may be garbage value, I blurred the unique information just in case. <key>ServiceSubscriptions</key> <array> <dict> <key>CarrierSettingsVersion</key> <string>61.0</string> <key>CurrentCarrierNetwork</key> <string></string> <key>CurrentMCC</key> <string>450</string> <key>CurrentMNC</key> <string>08</string> <key>EID</key> <string>blah blah</string> <key>ICCID</key> <string>blah balh</string> <key>IMEI</key> <string>blah blah</string> <key>IsDataPreferred</key> <true/> <key>IsRoaming</key> <true/> <key>IsVoicePreferred</key> <false/> <key>Label</key> <string>Provisioning</string> <key>LabelID</key> <string>00000000-0000-0000-0000-000000000000</string> <key>PhoneNumber</key> <string></string> <key>Slot</key> <string>CTSubscriptionSlotOne</string> <key>SubscriberCarrierNetwork</key> <string>iPad</string> </dict> </array> This is a bit weird. If I collect the same information from an iPhone(iPhone 15 Pro Max) that only uses wifi and does not use Usim or Esim, it does not respond with values ​​like ICCID, CurrentMCC, etc. <key>ServiceSubscriptions</key> <array> <dict> <key>IMEI</key> <string>blah blah</string> <key>Slot</key> <string>CTSubscriptionSlotOne</string> </dict> <dict> <key>EID</key> <string>blah blah</string> <key>IMEI</key> <string>blah blah</string> <key>Slot</key> <string>CTSubscriptionSlotTwo</string> </dict> </array> I'm confused by the network information collected. Is there a reason why the collected network information of iPad and iPhone are different?

short version question: why some users after deleting and downloading back my in-house app, cannot start the new process for approving developer, but instead it tries to start and then crashes immediately? long question version I am maintaining an in-house distributed enterprise app. due to update in iOS 18 update here users need to trust the developer via a new procedure that involves restarting device and inserting the phone code. after thousands (more or less 30.000) of users with no issue at all, some of them has this problem, the old (expired)trust seems to be persistent and never updated. Standard events a user deletes the app via settings > general > VPN & device management or via classic persistent touch procedure checks no other presence of the app is on the device via spotlight. since it is the only app with "MyDeveloperName" on the phone, if users goe back to VPN & device management screen, no app or developer will be present. user downloads new version of the app. If taps directly on the icon there is a system alert with says the developer must be trusted. a this point in settings > general > VPN & device management you can find a line with developer name, tapping on it we find a screen where user finds a white button with BLUE message "authorize MyDeveloperName" and follows procedure. My issue is that some users get following different behavior, and I do not understand why: ❌ tapping on downloaded app icon: no alert, but app tries to start then crashes. ❌ going in VPN & device management screen there is only RED write button "delete app" in both paths, working and not working, the app results "verified" in VPN & device management screen (Apple says old authorizations are preserved.)

I have come across this Hideable attribute for managed apps, introduced in iOS 18.1, and I've encountered some behavior that seems to contradict the official documentation. According to Apple's documentation for app.managed.yaml, setting the Hideable key to false under the Attributes section should prevent a user from hiding the app. The documentation explicitly states: If false, the system prevents the user from hiding the app. It doesn't affect the user's ability to leave it in the App Library, while removing it from the Home Screen. I have configured this in my app.managed.yaml and successfully applied the profile to my test device via our MDM server. However, I am still able to hide the application from both the Home Screen and the App Library. Here are the steps I'm taking to hide the app: Long-press the app icon on Home Screen Select "Require Touch ID" Select "Hide and Require Touch ID" Authenticate using Touch ID Select "Hide App" After these steps, the app is no longer visible on the Home Screen or in the App Library, which is contrary to the behavior described in the documentation for when Hideable is set to false. My question is: Is this a known issue or a potential bug in iOS 18.1? Or, is there an additional configuration profile or a specific device supervision requirement that I might be missing to enforce this restriction correctly? Any clarification would be greatly appreciated! Thank you!

I'm currently testing app updates using the App:Managed declarative device management payload, and I have a question regarding app update status reporting. Presently, by subscribing to the app.managed.list status item, we can retrieve a list of managed applications along with their installation status. Additionally, we enable automatic updates for managed App Store apps using the UpdateBehavior.AutomaticAppUpdates key. However, especially when a critical application update is initiated, we frequently find ourselves needing more detailed information about the update process. For instance, having status items similar to softwareupdate.install-state and softwareupdate.failure-reason would be incredibly helpful for user troubleshooting. My question is: Is there a way to obtain a similar level of detailed, real-time status updates for app updates? Any insights you might have, or existing methods to achieve this, would be greatly appreciated. Thank you.

I've been running the betas fine for a while, now, where do you want to go??

Apple iPad Air device failing to enroll through ABM with "failed to retrieve configuration" error. This error occurs while reaching Apple ABM for fetching MDM server enrollment details. When we checked console logs when enrolling the device we found following error: ​default 13:54:07.229022+1000 teslad Error: Error Domain=MCCloudConfigurationErrorDomain Code=34004 "The cloud configuration server is unavailable or busy." UserInfo={NSLocalizedDescription=The cloud configuration server is unavailable or busy., CloudConfigurationErrorType=CloudConfigurationFatalError} default 13:54:07.229120+1000 Setup Service completed default 13:54:07.230096+1000 Setup Could not retrieve cloud configuration. Error: <Error domain: MCCloudConfigErrorDomain, code 33001>\ Feedback raised along with screenshot and console logs as well : FB17785513. Please analyse this issue and reply back to us.

We are developing an MDM (Mobile Device Management) solution for device management purposes, and our current implementation process is as follows: 1. Configure DEP profile to obtain profile_uuid We configured a DEP profile with the following parameters to retrieve the profile_uuid: { "allow_pairing": true, "anchor_certs": [], "auto_advance_setup": true, "await_device_configured": false, "configuration_web_url": "", "department": "test define profile", "devices": ["MNWF07QD9M"], "is_mandatory": false, "is_mdm_removable": false, "is_multi_user": false, "is_supervised": true, "language": "zh", "org_magic": "", "profile_name": "Enrollment Profile - MNWF07QD9M", "region": "cn", "skip_setup_items": [ "Accessibility", "ActionButton", "Android", "Appearance", "AppleID", "AppStore", "Biometric", "CameraButton", "DeviceToDeviceMigration", "Diagnostics", "EnableLockdownMode", "FileVault", "iCloudDiagnostics", "iCloudStorage", "iMessageAndFaceTime", "Intelligence", "Keyboard", "MessagingActivationUsingPhoneNumber", "Passcode", "Payment", "Privacy", "Restore", "RestoreCompleted", "Safety", "ScreenTime", "SIMSetup", "Siri", "SoftwareUpdate", "SpokenLanguage", "UpdateCompleted", "WatchMigration", "WebContentFiltering" ], "supervising_host_certs": [], "support_email_address": "", "support_phone_number": "", "url": "https://mdmp.com/mdm/apple/enroll?shopId=1" } We sent a POST request to the /profile endpoint with the above payload, and the response returned the profile_uuid: 605FB5C274303C19189C9B99DCD3280D. 2. Assign the profile We sent a POST request to the /profile/devices endpoint, including the aforementioned profile_uuid and the target devices list in the request body. 3. Scan the device with Apple Configurator 2 We used Apple Configurator 2 to scan and enroll the target device. Issue Encountered After the device restarts twice, it fails to retrieve the mobileconfig file from the URL: https://mdmp.com/mdm/apple/enroll. We are using Nginx as the web server and have enabled access logging, but the logs show no incoming requests from the device to the /mdm/apple/enroll endpoint at all. Could you please help identify where we might have made a mistake in this process?

Hello folks, I stumbled upon a weird CNContact serialization problem. I use the Contacts framework to update the AIM field, which is one of the instantMessageAddresses within a single Contact. Here is the simplified code I used: func updateAIMFieldOn(contact: CNContact, aimValue: String) { do { guard let mutableContact = contact.mutableCopy() as? CNMutableContact else { logger.error("[CM] Couldn't update contact with aim \(aimValue)") return } var updatedAddresses = mutableContact.instantMessageAddresses updatedAddresses.append(CNLabeledValue(label: "", value: CNInstantMessageAddress(username: aimValue, service: CNInstantMessageServiceAIM))) mutableContact.instantMessageAddresses = updatedAddresses let saveRequest = CNSaveRequest() saveRequest.update(mutableContact) try CNContactStore().execute(saveRequest) logger.verbose("Contact's AIM updated successfully!") } catch { logger.error("Couldn't update contact") } } And after serializing the contact to data, and then deserializing, the contact got two AIM fields with the same value: X-AIM;type=pref:some:part:of_my_aim_value IMPP;X-SERVICE-TYPE=AIM;type=pref:some:part:of_my_aim_value Why does it work in this manner? Is it possible that ":" char causes that? Format of my aim username is {some:part:of_my_aim_value}. I didn't find any information in the docs. Thanks!

Three months ago I molded a mold program. I believe could be tweaked and tried unlined zero code. swear. anyway I would like to scale with some people if I can go to commercial area code phoned series and calls.and if I have rights. but my next moves for them. on iOS I think they should have a seri settings. where they can call seri.on settings, and it jump many codes-and navigation is hard. plus I think seri can help in settings expecially since seri settings is verbal drop. if the words fit or are similar it cues goes to but you have to hard call the switch.so there’s no hey no Sami where you setting no Sammy right I think it could skip cauldron and everything verbally either. Seri settings I think iOS should try it.

Hi, I’m an enterprise developer, and we distribute our internal iOS app through a direct download link on our company website (not via App Store or TestFlight). The app is properly signed and works fine on most devices including iPhones and regular iPads. However, on iPad Pro 11-inch (4th generation), the app crashes immediately upon launch when installed via the website. Interestingly, if we install the exact same app via Xcode, it runs without issue on the same device. We also tested a third-party enterprise app called "Taipei On", and it showed the same crash behavior when installed via direct web download on the same iPad model. This leads us to believe the issue may be more widespread or specific to this iPad Pro model or recent iOS versions. Furthermore, some of our users with iPhone 15 devices have started experiencing similar crashes recently, even though they had no issues before. Is this a known issue related to enterprise app distribution or IPA installation behavior on certain devices? Any advice or insight from the Apple team or other developers would be appreciated. Thanks!

Hi Apple Team & Community, The new Introduction of Platform SSO during ADE Enrollment is Great And we tried implementing this. As a Rule mentioned in the Documentation Initially MDM Server should send 403 response with Response Body adhering to ErrorCodePlatformSSORequired when HTTP Header for MachineInfo request contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true There are contradictory claims mentioned in Document, In Process Platform SSO Required Response it is mentioned that MDM Server should send body as JSON Object for ErrorCodePlatformSSORequired Example below >>>>> Response HTTP/1.1 403 Forbidden Content-Type: application/json Content-Length: 558 { "code": "com.apple.psso.required", "description": "MDM Server requires the user to authenticate with Identity Provider - BY MEMDM", "message": "The MDM server requires you to authenticate with your Identity Provider. Please follow the instructions provided by your organization to complete the authentication process - BY MEMDM", "details": { "Package": { "ManifestURL": "https://platform-sso-node-server.vercel.app:443/manifest" }, "ProfileURL": "https://platform-sso-node-server.vercel.app:443/profile", "AuthURL": "https://platform-sso-node-server.vercel.app:443/auth" } } But in the same Document a Sample HTTP Response was Provided but seems to be XML format as below >>>>> Response HTTP/1.1 403 Forbidden Content-Type: application/xml Content-Length: 601 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Code</key> <string>com.apple.psso.required</string> <key>Details</key> <dict> <key>ProfileURL</key> <string>https://mdmserver.example.com/psso.mobileconfig</string> <key>Package</key> <dict> <key>ManifestURL</key> <string>https://mdmserver.example.com/psso-app.plist</string> </dict> <key>AuthURL</key> <string>https://idp.example.com/authenticate</string> </dict> </dict> </plist> From Github I assume that both Response Types are welcomed hence I tried with Both Followed in JSON Mode, I redirected the HTTP request if MachineInfo contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true to https://platform-sso-node-server.vercel.app/redirectedDEPJSON Followed in XML Mode, I redirected the HTTP request if MachineInfo contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true to https://platform-sso-node-server.vercel.app/redirectedDEPXML In both Response Modes OS is not proceeding after and a error Stating Enrollment with Management Server Failed , Forbidden request (403) appears Can someone kindly guide on where I missed, or is this any OS Bug in Tahoe 26?

I work at a school in NYC and have a software idea that could better support the new NYC phone ban law than current market options (i.e. Yondr pouches). Right now at my school, students and staff scan a QR code upon entering the building to indicate that they are in the building. They scan again on the way out to indicate they've left the building. This is super helpful for attendance, particularly in emergency situations (fire drills, etc). Imagine if when students scanned their QR code, it also activated an app similar to Opal or ScreenZen, but with an admin preset whitelisted apps. The idea is that this app would default deny access to all apps on students' phones except the admin preset whitelisted ones such as Phone, Calculator, etc. Depending on the age/needs of the student, other apps like Spotify, or medical apps could also be whitelisted. My question is -- is this idea possible to create? We would need admin preset controls to create the preset whitelist. We can't have students picking their own restrictions, as we know most would opt to not restrict at all. We would need an admin dashboard so teachers/admin can see which students have activated the app in the building, and which may be trying to sneakily avoid it. We would ideally need to be able to whitelist both system apps like Phone and Calculator, as well as non-system apps such as Spotify (and medical apps -- we have some students who manage/monitor their Diabetes with an app). I don't have a background in software. I'm a math and health teacher. I've experimented with trying to have friends who majored in CS to create this app for me, but they've all either struggled/lost interest. So I'm also looking for a business partner in this venture. If anyone has any guidance here, it would be so helpful! My boss (Head of School) is super interested in this idea and significantly prefers it to every other alternative that he has encountered. The problem is this idea does not exist yet! Note: I know this is a super similar idea to the app and product "Brick". Notably, though, Brick does not have the ability for admin preset controls, or the admin dashboard. We reached out to the company to see if they're create this for us and they said it's a back burner idea that they're aware of, but it's not a priority for them right now. Thank you for any guidance!

My company signed the application with enterprise certificate, the Provisioning Profile expired on March 20, 2025. Some iPhones didn't update the application before the expiration. We have update the Provisioning Profile and repackaged application. However, these iPhones still can't use the application after reinstalling the new ipa. After opening the application, the screen is blank and then flashes back without any error prompt. Restarting iPhone didn't help.

I'm currently implementing a managed app using the new AppConfig specification. I referred to Apple's official documentation: Specifying and decoding a configuration. Based on the example provided in the "Publish your configuration specification" section, I structured my application configuration plist like this: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>configuration</key> <dict> <key>account</key> <dict> <key>username</key> <string>test user</string> <key>password</key> <string>test 123</string> </dict> <key>domain</key> <string>test example.com</string> </dict> </dict> </plist> When I deployed this configuration via my MDM server, the server reported valid for the activation, configuration and asset (which is the plist), but the configuration did not reflect or apply within my app. My app was unable to retrieve these settings. After some troubleshooting, I found that removing the top-level <key>configuration</key> wrapper resolved the issue. The following plist structure successfully pushed the configuration to my app: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>account</key> <dict> <key>username</key> <string>test user</string> <key>password</key> <string>test 123</string> </dict> <key>domain</key> <string>test example.com</string> </dict> </plist> My question is: Is the inclusion of the <key>configuration</key> wrapper (as shown in the Apple documentation example) incorrect for the current AppConfig implementation? Or is this structure intended for a future release (e.g., iOS 26 or beyond) and the documentation implicitly refers to it, causing confusion for current implementation? Any clarification would be greatly appreciated! Thank you!

I want to side load a .ipa file from a Mac to iPhone connected to Mac via USB. I don't want to use ABM or enterprise account. Also these can be any number of unknown devices. Is there any way to set this up automatically?

"To receive payments from Apple, you must add a bank account." As an Apple "Individual" developer, can I accept payments to my corporate card?