In our Device Configuration Policy (MDM Policy) We have Excluded Domains that should prevent VPN traffic for that domain but it's not working for iOS 17.5.1 but were working before!
Explore the intersection of business and app development. Discuss topics like device management, education, and resources for aspiring app developers.
Post
Replies
Boosts
Views
Activity
We are using JAMF profile to configure automatic proxy configuration URL on macOS. The configuration looks as following:
#scutil --proxy
<dictionary> {
BypassAllowed : 0
ExceptionsList : <array> {
0 : https://exception.com
}
FTPPassive : 0
FallBackAllowed : 0
HTTPEnable : 0
HTTPSEnable : 0
ProxyAutoConfigEnable : 1
ProxyAutoConfigURLString : https://pac.com/FailbackWithExclusionsENDUSERS.pac
SOCKSEnable : 0
}
This configuration works fine with normal network. When user tries to connect to a Captive Portal Network, the captive portal login page does not appear but an error page appears as shown below
We need help to identify what is wrong with this configuration causing this error.
I am working with Microsoft Engineers regarding an Intune SCEP User certificate always defaulting and deploying to System keychain.
I have MobileIron in my environment and it is able to deploy SCEP User certificates to the User keychain without issues.
Is there any insight that Apple or anyone else can provide on how to overcome this limitation with Intune SCEP and iOS/iPadOS? Microsoft has made it clear to me this is by design with Apple on Intune and deferred the SME insight to Apple.
The only documentation I have found from Microsoft related to this is below and see the Note it only mentions macOS but it also applies to iOS/iPadOS.
https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep
Note
Storage of certificates provisioned by SCEP:
o macOS - Certificates you provision with SCEP are always placed in the system keychain (System store) of the device.
Using Apple configurator, I cannot transfer over iPhone 8 ( installed iOS 16.7.8) because of this message:
Si è verificato un errore inatteso con “iPhone di Sandro”.
Impossibile completare l’operazione. Blocco risorsa evitato [NSPOSIXErrorDomain – 0xB (11)]
How can I fix it?
Yesterday, OpenSSH disclosed a critical RCE vulnerability that affects all instances of OpenSSH and released a patch to fix this vulnerability. As a result, do we have any official word from Apple as to when this vulnerability will be fixed? This weakness exposes every macOS device without a strict firewall configured.
Reading Link: https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html
Im experiencing an error code 12026 when trying to install an app with iTunes Store ID 1163307568 and has tried various solutions but is still unable to install the app. Tried revoking the licenses and pushing the apps again but the error prompt persists.
We have also tried syncing VPP, checking the app license, and purchasing a mild surplus, but still getting the error.
Hi,
I am consuming the API https://gdmf.apple.com/v2/pmv to get the supported apple OS versions. I do get intermittent 403 exception almost every alternate day.
Is there any way to fix this issue for this API? Is there any better and reliable Apple API to get supported apple OS versions across macos, ios etc?
Hi
Does anyone know why the ‘allowVPNcreation’ restriction available to supervised devices doesn’t apply to third-party apps? This Support page says it should: https://support.apple.com/en-gb/guide/deployment/dep0f7dd3d8/web
Thanks
I entered the address but it cannot be verified. I tried Confirm many times but it still doesn't work. Is there anyone in this situation who can help me? Thank you !
I appreciate any suggestions on a problem we're having. Here's what's happening:
We use Visual Studio to create Xamarin and MAUI apps.
We have several apps that all have In-House provisioning profiles attached to the same certificate. Developers upload ipa files to our internal website, so our QA team can install and test them. We have done this in this way for several years.
As of a month or so ago, one of these apps will not install after download. Under the app icon on the device there is a download icon before the app name, and tapping the icon receives in the error message, "This app cannot be installed because its integrity could not be verified."
Something else that stated around the same time is that while the name of our enterprise certificate "iPhone Distribution OurCompanyName" shows in the Signing Identity dropdown. When we select it and open the list again, the list now also has "Unknown (iPhone Distribution OurCompanyName)" as a selection. Timing can't be a coincidence. It must be connected to the problem.
I have made new certificates and provisioning profiles (Ad-Hoc and In-House) several times, but nothing I have tried over the past three days has worked. And, as I mentioned, we have many other apps that work just fine.
Enroll an iOS device via MDM and apply passcode policy with "maxFailedAttempts" setting enabled https://developer.apple.com/documentation/devicemanagement/passcode
Now when the user attempts to unlock device exceeds above "maxFailedAttempts" - the device gets wiped. Now the administrator is unaware of this event.
It would be helpful to get an message/DDM status from device to notify the MDM server that device is wiped due to incorrect passcode attempts.
Is there a way to deploy a client certificate (mTLS) payload with an Application using MDM?
What alternatives are there for accomplishing this? A .p12 is fine if that is the only option, however the app would need to import it into it's keychain and delete the .p12 file (or the MDM would need to do so).
The customer is trying to enroll macOS devices to Hexode via Apple Business Manager (without reset). Upon running the command sudo profiles renew -type enrollment, he received the below error.
Error: DEP enrollment failed: The cloud configuration server is unavailable. (MDMDeviceEnrollment:103)
Upon running the command sudo profiles show -type enrollment in Terminal, he received the following output.
Error fetching Device Enrollment configuration: (34006) Error Domain=MCCloudConfigurationErrorDomain Code=34006 "The cloud configuration server is unavailable." UserInfo={CloudConfigurationErrorType=CloudConfigurationFatalError, NSLocalizedDescription=The cloud configuration server is unavailable., NSUnderlyingError=0x6000012f0060 {Error Domain=com.apple.MobileActivation.ErrorDomain Code=-1 "Failed to create reference key." UserInfo={NSLocalizedDescription=Failed to create reference key., NSUnderlyingError=0x6000012f00c0 {Error Domain=com.apple.MobileActivation.ErrorDomain Code=-1 "Failed to create ref key." UserInfo={NSLocalizedDescription=Failed to create ref key., NSUnderlyingError=0x6000012f0150 {Error Domain=NSOSStatusErrorDomain Code=-25308 "failed to generate asymmetric keypair" (errKCInteractionNotAllowed / errSecInteractionNotAllowed: / Interaction is not allowed with the Security Server.) UserInfo=0x6000009f0440 (not displayed)}}}}}}
The device was assigned to the Hexnode server and listed in DEP devices in Hexnode. It seems to be an Intel device and we tried following troubleshooting steps. He said another user tried out the case and was encountering the same errors. He tried the following steps as part of troubleshooting.
Installed pending OS updates
Re-assigned device to Hexnode server
Cleared NVRAM/PRAM
Switched networks
Turned off firewall and proxies on the device
Re-assigned DEP configuration profile to devices
Re-configured DEP and APNs
Enrolling the device using the enrollment URL does work and he's able to deploy actions as well. He is willing to reset the device and check as well, but he has ~30 devices in ABM that are remote and in use. Since 2 devices encountered the case, he would like to know more about what happened.
We noticed that Apple Login fails if we try to login with Managed Apple ID on iOS 17.2 & 17.3
This issue could have been introduced in iOS 17 but we did not have iOS 17.0 or 17.1 to validate this.
There are few prerequisites to this:
Should be a supervised device. It can be enrolled in ABM or ASM.
Apple ID should be Managed Apple ID
Device should have a passcode policy
Device should have “allowListedAppBundleIDs” added in the “com.apple.applicationaccess” payload
If either of the above conditions are not met, then the issue does not happen.
If the device is set up in the above way and we try to login with Managed Apple ID, then the login fails.
Please refer the recording at this link: https://drive.google.com/file/d/1XG17loAuH_GB1IyGdwD8txjkHZWqGeD1/view?usp=drive_link
We reproduced the issue three times and got the log files:
Issue occurred at: 21st March 2024 at 19:54:58 IST
a. Log file name: sysdiagnose_2024.03.21_19-55-26+0530_iPhone-OS_iPhone_21D50(07.54.58 pm).tar.gz
b. Link: https://drive.google.com/file/d/1nk-cQPrVEZrAUgVmrxPCsSRDd4aNF8eK/view?usp=drive_link
Issue occurred at: 21st March 2024 at 19:59:44 IST
a. Log file name: sysdiagnose_2024.03.21_20-00-02+0530_iPhone-OS_iPhone_21D50(07.59.44 pm).tar.gz
b. Link: https://drive.google.com/file/d/1VPcF77G2SK2c1rBK4S2GbLCAiQEeYPOB/view?usp=drive_link
Issue occurred at: 21st March 2024 at 20:03:27 IST
a. Log file name: sysdiagnose_2024.03.21_20-03-39+0530_iPhone-OS_iPhone_21D50(08.03.27 pm).tar.gz
b. Link: https://drive.google.com/file/d/1zlLLMd0ugJoiZtmpWlarREFDl1vjZoWP/view?usp=drive_link
During the above tests, this was the setup
Passcode Policy:
a. requireAlphanumeric: true
b. minLength: 13
c. allowSimple: false
allowListedAppBundleIDs: This can be anything but atleast one of them should be enabled. For example
a. com.apple.AppStore
b. com.apple.MobileAddressBook
c. com.apple.calculator
d. com.apple.camera
e. com.apple.DocumentsApp
f. com.apple.facetime
What results I expected: The user should be able to login without an issue
What results I actually saw: The user does not login
We also created a ticket in Feedback assistant in March but haven't received any response: FB13694721
Since the release of macOS 14.0, we have encountered issues with the Content Filtering MDM Payload. This problem is unusual but can be resolved by restarting the system.
Prerequisites:
macOS 14 or higher
Any Mac with a Silicon (ARM) processor
Restrictions Payload and Parental Content Filtering Payload must be installed on the device, either manually or through any MDM service
Issue Details:
When the Parental Content Filtering Payload is removed after installation, it causes internet issues, and browsers display "The site can't be reached".
This affects applications as well, with Safari being the only application that continues to work.
The issue can be resolved by either re-adding the Content Filtering Payload or restarting the Mac.
Links:
Restriction Payload: https://drive.google.com/file/d/1buwLFgbjTRXij9ZSv1QrDeRnWbFfKNtq/view?usp=drive_link
Content Filtering Payload: https://drive.google.com/file/d/1eAJiBg4N__dML65MRDH7hYCocuTqOCcu/view?usp=drive_link
System Logs: https://drive.google.com/drive/folders/1hKKNAoMn_4x1CqMTxz1bPrUucCbftjO9?usp=drive_link
Screen Recording: https://drive.google.com/file/d/1uS8CJqe9p9DG9XzhUnIsY35eme4Dxs60/view?usp=drive_link
Hi,
I would like to introduce you to the problem of my client, who is probably one of the first Apple Business Manger users in Poland.
The client created an ABM instance and verified it. He also created a second administrator account as recommended, and added the first device. The problem was that these accounts were accessed by one person who used Cyber Ark to save credentials. After saving the credentials for the administrator accounts, an error occurred with Cyber Ark and the passwords of these accounts were saved incorrectly. The customer has since lost access to the verified ABM instance with one device already added.
Can you advise me on what to do in this situation? Can https://iforgot.apple.com/ help in any way here?
Thanks a lot for all your help
Best Regards,
XVsorim
The wallet App on a managed business ID is currently not able to store credit cards or flight tickets.
When can we expect to have this functionality? Is there a reason why it's not possible to store the cards at the moment?
My application supports Custom URL Schema which is used to perform an open operation. My application is used as a helper app for MDM, hence it will be installed as a Managed Application. I want only the other Managed Applications to be able to invoke the Custom URL Schema and not allow it for unmanaged applications. Is there any such provision provided by Apple MDM protocol?
I know Apple Engineers are busy and it’s just been WWDC, but things seem very quiet here. There have been 17 posts in the past 10 days and only 6 of them have any replies. It’s great that non-Apple Engineers offer advice and assistance, but I kind of thought there’d be at least a reply from an Apple Engineer to each post?
I initially tried to connect the iPad with the MacBook and execute the process. The iPad was reseted but not registered in the Apple Business Manager. After this failed, I tried to scan the blue circle on the iPad in the network area using my phone. However, no blue circle appears. What can I do?
Every device is on the newest software update.