I'm the IT Admin in my company. We use Microsoft Intune, which is a Mobile Device Management tool, to manage our devices and apps.
I created an app protection policy restricting data so that it can only be shared between the allowed apps. For example, if our user wants to copy the content in Outlook for iOS to WeChat or a personal memo, the action will be blocked.
However, maybe it's too strict; here is the scenario that we need to handle:
A user selected the content in an Outlook for iOS mail and wanted to use the "translate" function to do a translation. Before the app protection policy was deployed, he could do the translation successfully. Now it's blocked.
Therefore, we need to find a way to exempt the app "Translate" so that users can do the translation successfully.
We put the value "com.apple.Translate" (this is a package ID listed in the official Apple documentation) in the exemption, but it's not working.
May I know what the correct "value" is for the iOS native Translate app? I need to put this value in our app protection policy to exempt the Translate app.
Thank you so much.
Explore the intersection of business and app development. Discuss topics like device management, education, and resources for aspiring app developers.
As an enterprise endpoint security/data loss prevention application, we need to detect data which is being transferred out of the enterprise context from the macOS filesystem through applications like Cloud Sync or Email. Depending on the file content, type and size, we require some time for scanning the content being sent. This can range from milliseconds to a few minutes for very large contents. But the Endpoint Security message has to be responded to within the provided message deadline, or else the application will be killed. This deadline is reducing with every macOS release and it's now only 15 seconds on macOS Sonoma, which is blocking our use case of completing the scan before responding. We may scan it beforehand, but that imposes the challenge of the data being modified before it is actually sent. So we have to scan it on the fly and can't rely solely on the previous scans.
Is there any way an enterprise can customize this deadline value depending on the ES message and scanning application, maybe through an MDM setting?
I am trying to find how to configure an application when using an AppManaged declaration. Using MDM, I would send the install command and include the settings in the 'Configuration' key of the command. I have checked the documentation and rewatched the 2023 WWDC video, but it is not mentioned at all.
AppManagedAttributesObject has specific configuration options and doesn't appear to cater for ad hoc app-specific configurations.
Has anyone found a way to accomplish this? There are a number of apps (store and enterprise) that require this functionality in order to be configured remotely.
I can't find the problem... The simulator is stopping after opening the app...
Database`property wrapper backing initializer of ContentViewViewModel.currentUserId:
0x104c12bd0 <+0>: sub sp, sp, #0x50
0x104c12bd4 <+4>: stp x29, x30, [sp, #0x40]
0x104c12bd8 <+8>: add x29, sp, #0x40
0x104c12bdc <+12>: str x8, [sp, #0x10]
0x104c12be0 <+16>: mov x8, x0
0x104c12be4 <+20>: str x8, [sp, #0x8]
0x104c12be8 <+24>: mov x0, x1
0x104c12bec <+28>: str x0, [sp, #0x18]
0x104c12bf0 <+32>: stur xzr, [x29, #-0x10]
0x104c12bf4 <+36>: stur xzr, [x29, #-0x8]
-> 0x104c12bf8 <+40>: stur x8, [x29, #-0x10]
0x104c12bfc <+44>: mov x1, x0
0x104c12c00 <+48>: stur x1, [x29, #-0x8]
0x104c12c04 <+52>: bl 0x1053b9a88 ; symbol stub for: swift_bridgeObjectRetain
0x104c12c08 <+56>: ldr x9, [sp, #0x8]
0x104c12c0c <+60>: ldr x8, [sp, #0x10]
0x104c12c10 <+64>: ldr x1, [sp, #0x18]
0x104c12c14 <+68>: add x0, sp, #0x20
0x104c12c18 <+72>: str x9, [sp, #0x20]
0x104c12c1c <+76>: str x1, [sp, #0x28]
0x104c12c20 <+80>: adrp x1, 2556
0x104c12c24 <+84>: ldr x1, [x1, #0xa00]
0x104c12c28 <+88>: bl 0x104c12c40 ; Combine.Published.init(wrappedValue: Value) -> Combine.Published<Value> at <compiler-generated>
0x104c12c2c <+92>: ldr x0, [sp, #0x18]
0x104c12c30 <+96>: bl 0x1053b91a0 ; symbol stub for: swift_bridgeObjectRelease
0x104c12c34 <+100>: ldp x29, x30, [sp, #0x40]
0x104c12c38 <+104>: add sp, sp, #0x50
0x104c12c3c <+108>: ret
//
// ContentViewViewModel.swift
// Database
//
// Created by Maxi on 25.03.24.
//
import Firebase
import FirebaseAuth
import Foundation
class ContentViewViewModel: ObservableObject {
    @Published var currentUserId: String = ""
    private var handler: AuthStateDidChangeListenerHandle?
    init() {
        self.handler = Auth.auth().addStateDidChangeListener { [weak self] _, user in
            DispatchQueue.main.async {
                self?.currentUserId = user?.uid ?? ""
            }
        }
    }
    public var isSignedIn: Bool {
        return Auth.auth().currentUser != nil
    }
}
//
// ContentView.swift
// Database
//
// Created by Maxi on 25.03.24.
//
import Firebase
import FirebaseAuth
import SwiftUI
struct ContentView: View {
    @StateObject var viewModel = ContentViewViewModel()
    var body: some View {
        VStack {
            NavigationView {
                if viewModel.isSignedIn, !viewModel.currentUserId.isEmpty {
                    // signed in
                    HomeView()
                } else {
                    LoginView()
                }
            }
            .padding()
        }
    }
}
struct ContentView_Previews: PreviewProvider {
    static var previews: some View {
        ContentView()
    }
}
//
// HomeView.swift
// Database
//
// Created by Maxi on 25.03.24.
//
import SwiftUI
struct HomeView: View {
    var body: some View {
        Text("Welcome to your Account!")
    }
}
#Preview {
    HomeView()
}
//
// LoginViewViewModel.swift
// Database
//
// Created by Maxi on 25.03.24.
//
import FirebaseAuth
import Foundation
class LoginViewViewModel: ObservableObject {
    @Published var email = ""
    @Published var password = ""
    @Published var errorMessage = ""
    init() {}
    func login() {
        guard validate() else {
            return
        }
        // Try log in
        Auth.auth().signIn(withEmail: email, password: password)
    }
    private func validate() -> Bool {
        errorMessage = ""
        guard !email.trimmingCharacters(in: .whitespaces).isEmpty,
              !password.trimmingCharacters(in: .whitespaces).isEmpty else {
            errorMessage = "Bitte füllen Sie alle Felder aus."
            return false
        }
        guard email.contains("@") && email.contains(".") else {
            errorMessage = "Bitte geben Sie eine gültige Email-Adresse ein."
            return false
        }
        return true
    }
}
//
// LoginView.swift
// Database
//
// Created by Maxi on 25.03.24.
//
import SwiftUI
struct LoginView: View {
    @StateObject var viewModel = LoginViewViewModel()
    var body: some View {
        NavigationView {
            VStack {
                // Header
                HeaderView()
                if !viewModel.errorMessage.isEmpty {
                    Text(viewModel.errorMessage)
                        .foregroundColor(Color.red)
                }
                Form {
                    TextField("E-Mail Adresse", text: $viewModel.email)
                        .textFieldStyle(DefaultTextFieldStyle())
                        .autocapitalization(.none)
                    SecureField("Passwort", text: $viewModel.password)
                        .textFieldStyle(DefaultTextFieldStyle())
                    CreateAccountButton(
                        title: "Anmelden",
                        background: .blue) {
                            viewModel.login()
                        }
                }
                // Create account
                VStack {
                    Text("Neu hier?")
                    // Show registration
                    NavigationLink("Erstelle einen Account",
                                   destination: RegisterView())
                }
            }
        }
    }
}
struct LoginView_Previews: PreviewProvider {
    static var previews: some View {
        LoginView()
    }
}
Good morning, community. I have an organization account. When creating the first application, it asked for the name of the organization again, which I accidentally filled in with the name of the application. Now, when trying to submit my app, I am told that I need to provide files showing that I'm the owner of that company, etc. But in reality, there's no company with that name, as it's only the name of the application. Is there a way to change this developer name back to my organization's name? I've seen this link, and they say there's no way to change it. What could I do in this scenario? I just enrolled; should I remove the account and enroll as an organization again?
I need support, please. Thank you guys in advance.
Query: My ex-colleague opened an individual Apple developer account and we mutually published an app there, but later on, he separated and moved to another town. I kept on using the same account but he stopped. I don't have his contact details, as he has changed his contact and all details.
Now I want to transfer the Account Holder role to my name, whereas Apple says one can only do it in the scenario below.
"Account Holder transfers for individual members are granted when a minor reaches the age of majority and can receive the Account Holder role from their guardian, or when the Account Holder is deceased. Assistance is required from Apple Developer Support."
Any Solution to my Problem?
I'm developing for DEP (Device Enrollment Program). Each time a new iPhone is added through the configurator, I have to call the API at https://developer.apple.com/documentation/devicemanagement/assign_a_profile to assign a predefined configuration profile to the device. Is there a way to automatically assign new devices to a default configuration profile?
Please tell me two things about "Safari Password Autofill Domains" in my domain settings.
Incident
The behavior of the following items in the Domains setting differs between "no setting" and "edit and delete setting values".
Subject: Safari Password Autofill Domains
Steps to Reproduce (Delete the setting value)
1. Enter any value in "Safari Password Autofill Domains" in the domain settings and save it.
2. Delete the value entered in step 1.
3. Distribute to the terminal.
Result
If no settings: A pop-up window will appear asking if the password is to be saved in all domains. The key "SafariPasswordAutoFillDomains" is not present in the configuration profile.
Edited to remove the value: The "Save Password AutoFillDomains" popup does not appear for all domains. The key "SafariPasswordAutoFillDomains" exists in the configuration profile and an empty array remains.
Question 1.
Is it expected that the behavior is different when "Safari Password Autofill Domains" is not configured and when the configuration value is edited and removed?
Question 2
Is it expected that "" remains in the configuration profile when the setting value is edited and deleted?
Please Apple...
It's almost a month now, and I (we) haven't heard back from you since we have been sending mails concerning our upgrade to an Organization.
I (we) provided all the necessary information needed to update our individual Apple Developer account to an Organization developer account, and I (we) haven't heard back from you.
The error we are getting on our account:
We’re processing your membership migration from an individual to an organization.
Please note that your membership benefits are temporarily disabled during this time.
Also, with this delay in getting a response from you, we hope our expiry for the Apple Developer payment would be shifted, as we haven't been able to access our account for almost a month?
Below are the case numbers generated by Apple; hopefully all are correct:
{ 102228853402 }
{ 102243840694 }
{ 102245033626 }
{ 102241341764 }
{ 102236317557 }
{ 102229955599 }
In Apple Business Connect, when adding Attributes to the Place Card > Save, the Address is wiped.
This continuously happens when it clears data fields that were previously saved.
https://www.awesomescreenshot.com/video/25583267?key=adc1e136af1ba0b7cfa453dcd613f4b4
I would like to know how secure the communication between the reseller and the organisation is, because we are providing the organisation ID and getting the reseller ID information. After we provide the organisation ID, is the reseller able to see any information about the organisation or not? If the reseller is able to see the information, then we need to know what information they are able to see. Thanks.
Hello,
I could not find information in the doc (which is still beta, I understand): how are app upgrades handled by DDM AppManaged?
With MDM, sending the InstalledApplication command will upgrade the app to the most suitable recent version; the HasUpdateAvailable flag tells the MDM server (more or less accurately) if there is an update, and then organizations can keep apps up to date as quickly as possible if needed.
But with DDM, we just have a declaration where we tell the device to install a given app, and that's it. Is there any detail about how the device upgrades apps, and how frequently?
Thanks.
We have a few development servers that implement MDM and I am trying to incorporate watchOS enrollment. I am having trouble connecting to our enrollment URL that is defined in the watch enrollment payload. The error I get indicates that the server certificate is invalid. I can see this error if I attempt to pair to an iPhone that has the watchOS enrollment declaration on it, and I also see it if I send an iMessage with our server URL and attempt to open the URL using the Messages app on the watch itself.
The certificate is valid, but the SAN does not define my particular domain but rather it uses a wildcard (i.e. DNS Name: *.domain.com and DNS name: domain.com).
The URL opens fine on any other Apple device (iPhone, iPad, Mac, etc.) as well as Windows.
My question is, is there some problem with using an SSL server certificate that has a wildcard in place of a specific domain when attempting to connect using WatchOS?
Hi,
I am trying to delete a VPP application from our MDM solution, but it is failing with the error: The app failed to delete. Enure that the app is not associated with any VPP license in Apple Business Manager and try again.
I have revoked ALL the app licenses from our MDM and it shows License not found when checking. However, in ABM it still shows a small number 'in use'. Is there an easy/clever way I can delete the 'in use' licenses from ABM or somehow send a revoke command via API to revoke those licenses in ABM?
Thanks for looking
After I submitted our app, it was rejected with reasons:
`"Regarding 5.1.1, the following fields or actions are required for registration but do not appear to be directly relevant to your app’s core functionality:
Thai National ID
Phone number.
To resolve this issue, it would be appropriate to either remove all required fields that are not relevant to the app or make those fields optional."`
I need the two fields above. How can I resolve it? I asked the reviewer, but they said they cannot help with feature details for us.
About phone numbers, our system wants to send SMS to them, change passwords, and send notifications. Steps: (edit profile -> edit phone number -> verify OTP) to change the password; you can check it.
About the Thai National ID, do you think it is suitable when we use it for KYC and to verify customers? Actually, when the user registers a new account, if we do not approve the account, meaning KYC is unsuccessful, the user will not be able to use any main features (Saving and interest pay invoice). We are using the Thai national ID and password to log in.
I have found that Declarative management, although intriguing and could be useful in the future, is quite lacking. At this point in development, I don't see an advantage over using MDM commands.
In order for a device to apply policies, the device must first post to a server to receive the manifest set, then for each item in the set, the device must post to the server to get the policy. How is that better than posting via MDM to obtain a policy (configuration profile, app, etc.)? It seems there is no benefit in terms of time complexity. In both scenarios the device would need to make O(n) posts. This doesn't solve the scalability issue with regards to the MDM channel.
The limitation with regards to available native declarations vs configuration profiles means declarative management is not yet ready for prime time. Although the first attempt at solving this through LegacyProfiles allows for installing ConfigurationProfiles, this method adds another POST, so at this point it's 1 post to get the manifest, then 2 more posts to get the policy, which is even worse than MDM.
Regarding the status channel, the status report is missing quite a bit of device information. Currently, in order to obtain a more complete view of device state using MDM, the MDM server must send a set of commands to get information, installed profiles, apps, certificate, etc. The Status channel includes some of this stuff, but not all of it, which means a device must augment the status channel with some (or all) of these commands.
I am a beta tester on behalf of the College Board for the Bluebook app, which administers the digital SAT. For the first admissions year when most universities are no longer going test-optional, more university-bound sixth-form pupils sit the digital SAT. Some students who are sitting the SAT could receive an unfair advantage due to them reverse-engineering the app using Ghidra and using that to make a duplicate version of the app which will show correct answers and/or disable Assessment mode to cheat on the exam. I need to know if it is possible, if the student has prior computer science knowledge, and what is the procedure for doing the following:
Disabling assessment mode through terminal function or another internal coding source
Reverse engineering the Bluebook app, and recreating it through Xcode and editing the code to automatically fill out the correct answer
Reverse engineering the Bluebook app, and recreating it through Xcode and editing the code to disable assessment mode as a whole
Please tell me, as this will give those who cheat a severely unfair advantage over those who studied hard for it.
The profiles command shows them, but the Store file/directory is blocked off from access (which, I suppose, kinda makes sense).
(We are in the process of getting customers to upgrade the profile, and if I can see whether our profile has an entry, then I can behave differently.)
Hi, I'm looking into ACME Managed Device Attestation and was wondering about one of the values in the payload - AllowAllAppsAccess.
From the documentation: "If true, all apps have access to the private key", but what is the case where you would have this set to true? It seems like it opens up the device to potentially malicious software.
Also, if this were set to true, how would an app access this private key when it is stored in the Secure Enclave? Is there a specific tag that it is stored with?
I'm trying to implement ACME managed device attestation. I have ACME server code written in C# and I've been able to get all of the steps working except for the very last one - issuing the certificate.
So far I have not been able to get the device to accept the certificate; the device logs show:
Got certificate {length = ......}
ACME request flow failed at step 9: Error Domain=NSOSStatusErrorDomain Code=-67673 "failed to obtain certificate" UserInfo={NSLocalizedDescription=failed to obtain certificate}
The certificate is issued by an internal CA and the correct root certificate is in the device's trusted certs.
I have tried returning the certificate chain as a file response or content response to the device as an "application/pem-certificate-chain" MIME type (as outlined as the default in the ACME RFC), returning just the leaf certificate as PEM, and returning the leaf certificate as DER with MIME type "application/pkix-cert", "application/pkcs7-mime", "application/x-pkcs12" or "application/x-x509-ca-cert", but none of this has worked.
Can anyone point me in the right direction to figure out what the issue is?