In Declarative Device Management there is the Get Server Supported Declarations endpoint that is sent via an MDM Check-In request. Is this supposed to return all of the declarations supported by the server, or only the ones that are intended for the device making the request?
This seems like a bad choice of naming for that endpoint and, if my assumption is correct, it should be named more along the lines of "Get Device Declarations".
Or am I fundamentally misunderstanding DDM and our server should be sending all declarations we have to the device and the device controls them via activations? This seems counter to the pitch around scalability and performance improvements that DDM offers if we have to send literally everything to the device even if it's known to not be needed, and similarly if the device doesn't support it but the server does then obviously(?) the server shouldn't send it to the device.
Can someone please explain the purpose of the ManagementServerCapabilities declaration in Declarative Device Management?
I understand based on the documentation that it contains a "dictionary that contains the server’s optional protocol features" but what would be an example of an "optional protocol feature"?
We're trying to make our Content Filter solution work on Shared iPads. We leverage the Network Extension framework, more specifically the Content Filter Providers.
On regular, 1:1 iPads, this works perfectly fine. However, on Shared iPads we see some weird behaviour.
Upon logging in with a MAID everything initially seems fine. However, in about 5 to 10 seconds the user is automatically logged out and an error indicating "a connection to iCloud could not be made" is presented to the user.
After investigating the logs it turns out this is caused by the fact that the network is unreachable. For example:
Jan 19 00:33:04 cloudd(CFNetwork)[5867] <Error>: Task <F5DC7C46-422D-4265-A364-B3C859BF6291>.<1> finished with error [-1009] Error Domain=NSURLErrorDomain Code=-1009 UserInfo={_kCFStreamErrorCodeKey=50, NSUnderlyingError=0xefe89ffc0 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 UserInfo={_NSURLErrorNWPathKey=unsatisfied (Path was denied by NECP policy), interface: en0[802.11], ipv4, dns, uses wifi, _kCFStreamErrorCodeKey=50, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, NSLocalizedDescription=<private>, NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _kCFStreamErrorDomainKey=1}
Test device:
iPad Pro (11-inch) running iPadOS 17.2 (21C62)
My assumption:
It looks like the filter providers start "too late". In the meantime the device is trying to reach the network, but since there is a Content Filter configuration in place all traffic is denied until the extension is started (and the completionHandler has been called with a nil error).
I can see in the logs that, about 5 seconds after the home screen is visible, the Content Filter Providers are starting:
...
Jan 19 00:52:54 neagent(NetworkExtension)[7086] <Notice>: Extension request with data extension <our filterData bundle ID> started with identifier 63576D2C-A484-4D07-9753-ADC99BFDB7A6
...
Jan 19 00:52:55 neagent(NetworkExtension)[7086] <Notice>: Extension request with control extension <our filterControl bundle ID> started with identifier 51D19516-C860-48B8-AB83-0F43D5F613CB
...
Is my assumption correct? Are the Content Filter providers even officially supported by Apple on Shared iPads? Is there anything we can do to fix this issue?
On WWDC 2023 Apple announced this: https://developer.apple.com/videos/play/wwdc2023/10040/?time=648
And as you can see and hear, they are saying: "In the past, entire System Preference panes were hidden to fulfill this requirement. With the introduction of System Settings, we were able to implement a granular management approach. Instead of hiding entire panes, the administrator can restrict modifications of a specific setting which now shows a label about its management state."
But where in the Apple Developer documentation can I find the payload for this? The only thing I was able to find is https://developer.apple.com/documentation/devicemanagement/systempreferences which is DEPRECATED for 13.0 macOS.
Hello everyone! The first time I needed Apple Support I had to wait 2 weeks. I wrote now 5 days ago to change my entity type from Individual to Company and I am afraid I am going to wait weeks or months for such a thing to happen. I wrote countless support emails asking for an update on my case number 102275785042, but I am receiving only the confirmation email that is lying that it takes 48 to respond. I have written my first app but I am stuck on this and everything is going to be for nothing because my client is leaving me.
Taking into account that I don’t have an option to call, what can I do to get an answer from Apple? I am in Romania. If I get a phone number of a country that they really do offer support, will I be able to call, or have the issue addressed? I am getting desperate.
Hi everyone.
I've been trying to set up my Macs in Intune. One of the key requirements is to create a push certificate for my environment. I can get past the upload page on the Apple Push Certificate Portal. Once I click the upload button on the web page after choosing my CSR file, I get this page on the CSR file: "The page you’re looking for can’t be found". I get the same message every time I refresh or log back into the page doing these steps. I don't know what to do. Would anyone have any advice on this? Or is this solely an Apple problem? Just if it's of any relevance, I am in Australia.
I have a question. When the DDM status report is sent from a DDM device, normally an empty response is returned. However, if we return a non-empty response that includes an arbitrary string, the device sends us the declaration-items request. Is this behavior correct?
device| --status report-------> |server
device| <------a non-empty----- |server
device| --declaration-items---> |server
Is this behavior correct?
Dear support team,
I have to renew the Apple Push-Tokens between MS Endpoint and Apple SchoolManager on several tenants/mdm. It always ends with an error.
I am using Microsoft Edge, Windows 11.
I'm the IT Admin in my company. We use Microsoft Intune, which is a Mobile Device Management tool, to manage our devices and apps.
I created an app protection policy, restricting data so that it can only be shared between the allowed apps. For example, if our user wants to copy the content in Outlook for iOS to WeChat or personal memo, the action will be blocked.
However, maybe it's too strict; here is the scenario that we need to handle:
A user selected the content in the Outlook for iOS mail, and wanted to use the "translate" function to do translation. Before the app protection policy was deployed, he can do the translation successfully. And now, it's blocked.
Therefore, we need to find a way to exempt the app "Translate" so that users can do the translation successfully.
We put the value "com.apple.Translate" (this is a package ID listed in the official document of Apple) to the exemption, but it's not working.
May I know what is the correct "value" for the iOS native Translate APP? I need to put this value to our app protection policy to exempt Translate app.
Thank you so much.
Hi! Notice for the VPN of type "Always On", this site indicates an ApplicationExceptions key. But on the configuration manual it's not found. I'm trying to indicate a couple apps that should be able to bypass the always on vpn, but it doesn't seem to work. Any ideas? Thanks
appears here:
https://developer.apple.com/documentation/devicemanagement/vpn/alwayson/applicationexceptionelement
not here:
https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf
As an enterprise endpoint security/data loss prevention application, we need to detect data which is being transferred out of the enterprise context from their macOS filesystem through applications like Cloud Sync or Email. Depending on the file content, type and size, we require some time for scanning the content being sent. This can range from milliseconds to a few minutes for very large contents. But the Endpoint Security message has to be responded to within the provided message deadline, or else the application will be killed. This deadline is reducing with every macOS release and it's now only 15 seconds on macOS Sonoma, which is blocking our use case of completing the scan before responding. We may scan it before, but that imposes challenges of the data being modified before it is actually sent. So we have to scan it on the fly and can't rely solely on the previous scans.
Is there any way an Enterprise can customize this deadline value depending on the ES message and scanning application may be through MDM setting?
I can't find the problem.. - The simulator is stopping after opening the app...
Database`property wrapper backing initializer of ContentViewViewModel.currentUserId:
0x104c12bd0 <+0>: sub sp, sp, #0x50
0x104c12bd4 <+4>: stp x29, x30, [sp, #0x40]
0x104c12bd8 <+8>: add x29, sp, #0x40
0x104c12bdc <+12>: str x8, [sp, #0x10]
0x104c12be0 <+16>: mov x8, x0
0x104c12be4 <+20>: str x8, [sp, #0x8]
0x104c12be8 <+24>: mov x0, x1
0x104c12bec <+28>: str x0, [sp, #0x18]
0x104c12bf0 <+32>: stur xzr, [x29, #-0x10]
0x104c12bf4 <+36>: stur xzr, [x29, #-0x8]
-> 0x104c12bf8 <+40>: stur x8, [x29, #-0x10]
0x104c12bfc <+44>: mov x1, x0
0x104c12c00 <+48>: stur x1, [x29, #-0x8]
0x104c12c04 <+52>: bl 0x1053b9a88 ; symbol stub for: swift_bridgeObjectRetain
0x104c12c08 <+56>: ldr x9, [sp, #0x8]
0x104c12c0c <+60>: ldr x8, [sp, #0x10]
0x104c12c10 <+64>: ldr x1, [sp, #0x18]
0x104c12c14 <+68>: add x0, sp, #0x20
0x104c12c18 <+72>: str x9, [sp, #0x20]
0x104c12c1c <+76>: str x1, [sp, #0x28]
0x104c12c20 <+80>: adrp x1, 2556
0x104c12c24 <+84>: ldr x1, [x1, #0xa00]
0x104c12c28 <+88>: bl 0x104c12c40 ; Combine.Published.init(wrappedValue: Value) -> Combine.Published<Value> at <compiler-generated>
0x104c12c2c <+92>: ldr x0, [sp, #0x18]
0x104c12c30 <+96>: bl 0x1053b91a0 ; symbol stub for: swift_bridgeObjectRelease
0x104c12c34 <+100>: ldp x29, x30, [sp, #0x40]
0x104c12c38 <+104>: add sp, sp, #0x50
0x104c12c3c <+108>: ret
//
//  ContentViewViewModel.swift
//  Database
//
//  Created by Maxi on 25.03.24.
//
import Firebase
import FirebaseAuth
import Foundation

class ContentViewViewModel: ObservableObject {
    @Published var currentUserId: String = ""
    private var handler: AuthStateDidChangeListenerHandle?

    init() {
        self.handler = Auth.auth().addStateDidChangeListener { [weak self] _, user in
            DispatchQueue.main.async {
                self?.currentUserId = user?.uid ?? ""
            }
        }
    }

    public var isSignedIn: Bool {
        return Auth.auth().currentUser != nil
    }
}
//
//  ContentView.swift
//  Database
//
//  Created by Maxi on 25.03.24.
//
import Firebase
import FirebaseAuth
import SwiftUI

struct ContentView: View {
    @StateObject var viewModel = ContentViewViewModel()

    var body: some View {
        VStack {
            NavigationView {
                if viewModel.isSignedIn, !viewModel.currentUserId.isEmpty {
                    // signed in
                    HomeView()
                } else {
                    LoginView()
                }
            }
            .padding()
        }
    }
}

struct ContentView_Previews: PreviewProvider {
    static var previews: some View {
        ContentView()
    }
}
//
//  HomeView.swift
//  Database
//
//  Created by Maxi on 25.03.24.
//
import SwiftUI

struct HomeView: View {
    var body: some View {
        Text("Welcome to your Account!")
    }
}

#Preview {
    HomeView()
}
//
//  LoginViewViewModel.swift
//  Database
//
//  Created by Maxi on 25.03.24.
//
import FirebaseAuth
import Foundation

class LoginViewViewModel: ObservableObject {
    @Published var email = ""
    @Published var password = ""
    @Published var errorMessage = ""

    init() {}

    func login() {
        guard validate() else {
            return
        }
        // Try log in
        Auth.auth().signIn(withEmail: email, password: password)
    }

    private func validate() -> Bool {
        errorMessage = ""
        guard !email.trimmingCharacters(in: .whitespaces).isEmpty,
              !password.trimmingCharacters(in: .whitespaces).isEmpty else {
            errorMessage = "Bitte füllen Sie alle Felder aus."
            return false
        }
        guard email.contains("@") && email.contains(".") else {
            errorMessage = "Bitte geben Sie eine gültige Email-Adresse ein."
            return false
        }
        return true
    }
}
//
//  LoginView.swift
//  Database
//
//  Created by Maxi on 25.03.24.
//
import SwiftUI

struct LoginView: View {
    @StateObject var viewModel = LoginViewViewModel()

    var body: some View {
        NavigationView {
            VStack {
                // Header
                HeaderView()
                if !viewModel.errorMessage.isEmpty {
                    Text(viewModel.errorMessage)
                        .foregroundColor(Color.red)
                }
                Form {
                    TextField("E-Mail Adresse", text: $viewModel.email)
                        .textFieldStyle(DefaultTextFieldStyle())
                        .autocapitalization(.none)
                    SecureField("Passwort", text: $viewModel.password)
                        .textFieldStyle(DefaultTextFieldStyle())
                    CreateAccountButton(
                        title: "Anmelden",
                        background: .blue) {
                            viewModel.login()
                        }
                }
                // Create account
                VStack {
                    Text("Neu hier?")
                    // Show registration
                    NavigationLink("Erstelle einen Account",
                                   destination: RegisterView())
                }
            }
        }
    }
}

struct LoginView_Previews: PreviewProvider {
    static var previews: some View {
        LoginView()
    }
}
Good morning, community. I have an organization account. When creating the first application, it asked for the name of the organization again, in which I accidentally filled with the name of the application. Now, when trying to submit my app, I am told that I need to provide files showing that I'm the owner of that company, etc. But in reality, there's no company with that name, as it's only the name of the application. Is there a way to change this developer name back to my organization's name? I've seen this link, and they say there's no way to change it. What could I do in this scenario? I just enrolled; should I remove the account and enroll as an organization again?
I need support, please. Thank you guys in advance.
Query: My ex-colleague opened an individual Apple developer account and we mutually published an app there, but later on, he got separated and moved to another town. I kept on using the same account but he stopped. I don't have his contact details as he has changed his contact and all details.
Now I want to transfer the account holder role to my name, whereas Apple says one can only do it in the below scenario.
"Account Holder transfers for individual members are granted when a minor reaches the age of majority and can receive the Account Holder role from their guardian, or when the Account Holder is deceased. Assistance is required from Apple Developer Support."
Any Solution to my Problem?
I'm developing for DEP (Device Enrollment Program). Each time a new iPhone is added through the configurator, I have to call the API at https://developer.apple.com/documentation/devicemanagement/assign_a_profile to assign a predefined configuration profile to the device. Is there a way to automatically assign new devices to a default configuration profile?
Anyone know what the DeclarationType string values are for the Asset declarations?
UserIdentity asset defines the type as com.apple.asset.useridentity.
There is no such value for UserNameAndPasswordCredentials.
Has anyone been able to install this type of declaration?
Please tell me two things about "Safari Password Autofill Domains" in my domain settings.
Incident
The behavior of the following items in the Domains setting differs between "no setting" and "edit and delete setting values".
Subject: Safari Password Autofill Domains
Steps to Reproduce (Delete the setting value)
1. Enter any value in "Safari Password Autofill Domains" in the domain settings and save it.
2. Delete the value entered in step 1.
3. Distribute to the terminal.
Result
If no settings: A pop-up window will appear asking if the password is to be saved in all domains. The key "SafariPasswordAutoFillDomains" is not present in the configuration profile.
Edited to remove the value: The "Save Password AutoFillDomains" popup does not appear for all domains. The key "SafariPasswordAutoFillDomains" exists in the configuration profile and an empty array remains.
Question 1.
Is it expected that the behavior is different when "Safari Password Autofill Domains" is not configured and when the configuration value is edited and removed?
Question 2
Is it expected that "" remains in the configuration profile when the setting value is edited and deleted?
Please Apple...
It's almost a month now, and I (we) haven't heard back from you since we have been sending mails concerning our upgrade to an Organization.
I (we) provided all the necessary information needed to update our individual Apple Developer account to an Organization developer account, and I (we) haven't heard back from you.
the error we are getting on our account
We’re processing your membership migration from an individual to an organization.
Please note that your membership benefits are temporarily disabled during this time.
Also, with this delay in getting a response from you, we hope our expiry for the Apple Developer payment would be shifted, as we haven't been able to access our account for almost a month?
Below are the case numbers generated by Apple; hopefully all are correct.
{ 102228853402 }
{ 102243840694 }
{ 102245033626 }
{ 102241341764 }
{ 102236317557 }
{ 102229955599 }
In the Apple Business Connect - When adding Attributes to the Place Card>Save>Address is wiped
This continuously happens when it clears data fields that were previously saved.
https://www.awesomescreenshot.com/video/25583267?key=adc1e136af1ba0b7cfa453dcd613f4b4
We have a few development servers that implement MDM and I am trying to incorporate WatchOS Enrollment. I am having trouble connecting to our enrollment URL that is defined in the watch enrollment payload. The error I get indicates that the server certificate is invalid. I can see this error if I attempt to pair to an iPhone that has the WatchOS enrollment declaration on it and I also see it if I send an iMessage with our server url and attempt to open the url using the messages app on the watch itself.
The certificate is valid, but the SAN does not define my particular domain but rather it uses a wildcard (i.e. DNS Name: *.domain.com and DNS name: domain.com).
The url opens fine on any other Apple device (iPhone, iPad, Mac, etc.) as well as Windows.
My question is, is there some problem with using an SSL server certificate that has a wildcard in place of a specific domain when attempting to connect using WatchOS?