Trying to enroll a device, but during the installation of the enrollment profile getting the error message - "The profile (com.xxxxxx.mdm:c1c8048f-1450-4473-8bba-1c714c4ce492) could not be installed due to an unexpected error. CPProfileManager:-65002"
Explore the intersection of business and app development. Discuss topics like device management, education, and resources for aspiring app developers.
I have seen that in WWDC24 it is stated by Apple, and I have seen examples in the video presentation, of how to remove Activation Locks from computers from Apple Business Manager.
Well, I've tried and so far we cannot do that. Do I need to do something to apply this in my organization? Are there any release dates?
Hello folks,
I stumbled upon a weird CNContact serialization problem. I use the Contacts framework to update the AIM field, which is one of the instantMessageAddresses within a single Contact. Here is the simplified code I used:
    import Contacts

    // Appends an AIM entry to the contact's instantMessageAddresses and saves it.
    // `logger` is the poster's own logging helper, defined elsewhere.
    func updateAIMFieldOn(contact: CNContact, aimValue: String) {
        do {
            guard let mutableContact = contact.mutableCopy() as? CNMutableContact else {
                logger.error("[CM] Couldn't update contact with aim \(aimValue)")
                return
            }
            // Keep the existing IM addresses and add the new AIM value.
            var updatedAddresses = mutableContact.instantMessageAddresses
            updatedAddresses.append(CNLabeledValue(label: "", value: CNInstantMessageAddress(username: aimValue, service: CNInstantMessageServiceAIM)))
            mutableContact.instantMessageAddresses = updatedAddresses
            // Write the change back to the contact store.
            let saveRequest = CNSaveRequest()
            saveRequest.update(mutableContact)
            try CNContactStore().execute(saveRequest)
            logger.verbose("Contact's AIM updated successfully!")
        } catch {
            logger.error("Couldn't update contact")
        }
    }
And after serializing the contact to data, and then deserializing, the contact got two AIM fields with the same value:
X-AIM;type=pref:some:part:of_my_aim_value
IMPP;X-SERVICE-TYPE=AIM;type=pref:some:part:of_my_aim_value
Why does it work in this manner? Is it possible that ":" char causes that? Format of my aim username is {some:part:of_my_aim_value}. I didn't find any information in the docs.
Thanks!
Hi
Does anyone know why the ‘allowVPNcreation’ restriction available to supervised devices doesn’t apply to third-party apps? This Support page says it should: https://support.apple.com/en-gb/guide/deployment/dep0f7dd3d8/web
Thanks
My application supports Custom URL Schema which is used to perform an open operation. My application is used as a helper app for MDM, hence it will be installed as a Managed Application.
I want only the other Managed Applications to be able to invoke the Custom URL Schema and not allow it for unmanaged applications. Is there any such provision provided by Apple MDM protocol?
After I installed the profile certificate in VPN and device management, I can't see the installed certificate in the certificate trust settings
Hi All,
I'm trying to figure out why there's something tucked in the release notes for macOS 15b1 and iOS 18b1 saying:
“• Profile-based User Enrollment is no longer supported in macOS 15. For User Enrollment, sign in with a Managed Apple Account in Settings.”
If I'm reading this correctly, "UIE" or User Initiated Enrollment in Jamf parlance, will not be possible on macOS 15 and iOS18 going forward...
But, there is ZERO mention of this in the video about what's new for Management, or what's new for IT document.
I work in higher ed, and sadly, we get a lot of out-of-band purchases that aren't ADE eligible. And we've been told for years, and continue to be told, that Managed Apple IDs aren't appropriate for Higher Ed.
So this is a big deal if this is being removed, and I find it disturbing it's being tucked away in release notes rather than being broadcast in every location. Heck, for small shops that don't have ASM or ABM, this means no MDM (they won't have managed Apple Accounts to enroll, they won't have ADE)? I happen to use a free Jamf Now system for home managing some personal home devices... I won't be able to do this with macOS 15/iOS 18?
Hello,
I’ve run into an issue with a configuration profile on my supervised iPhone. I’m wondering if anyone here might be able to help?
The profile contains the allowListedAppBundleIDs key within the restrictions payload. My Apple Watch is paired with the iPhone. The iPhone was supervised manually with Apple Configurator, hence the Apple Watch has not been directly supervised itself.
The profile works completely as expected when installed on the phone. As soon as the profile is installed on the iPhone, I can witness the apps on the Apple Watch rearrange themselves as some apps are hidden. So clearly the profile is applying its restrictions to the Apple Watch to some degree.
My issue however is that apps listed in the whitelist are hidden from the Watch. The apps that are missing from my Watch are Walkie Talkie, Find My Items, Find My Friends, Messages, Alarm, Remote, Now Playing, Sleep, Meditation and Heart Rate. This is despite the following bundle IDs being listed in the whitelist array: com.apple.findmy.findpeople, com.apple.findmy.finddevices, com.apple.HeartRate, com.apple.SessionTrackerApp, com.apple.NanoWorldClock, com.apple.findmy.finditems, com.apple.Mind, com.apple.NanoOxygenSaturation, com.apple.watchmemojieditor, com.apple.NanoSleep, com.apple.NanoNowPlaying, com.apple.noise, com.apple.tincan, com.apple.NanoRemote, com.apple.NanoAlarm, com.apple.private.NanoTimer, com.apple.NanoStopwatch
I’ve done some testing, but not sure what I’ve found really. I’ve so far identified 3 scenarios.
Scenario 1: I have the whitelist profile installed on the iPhone. I download an app that appears in the whitelist from my watch (or at least its iPhone version does). The apps show up on the iPhone automatically and can be launched there. These apps cannot be launched on the watch.
Scenario 2: I downloaded a few apps to my watch, that didn’t automatically install on my iPhone at the same time. They were on the whitelist. These ones couldn’t be launched from my Watch. I then downloaded them to the iPhone and they could be launched there (since they were on the whitelist).
Scenario 3: A couple of 3rd party apps on the whitelist could be downloaded and launched from the watch with the whitelist installed.
It seems as though there are different kinds of Apple Watch app and this is what I’ve read elsewhere. First of all there are Watch-only apps, which do not automatically install a companion iPhone app. Secondly there are companion apps, which when installed from the Watch App Store download their companion app to the iPhone in the background. Someone please correct me - I’m bound to be overlooking something here.
So maybe the apps that when installed from Watch automatically install on iPhone and can only be launched from the iPhone have a separate bundle ID for their Watch app which I haven’t included?
Apps that are on the whitelist AND do not automatically install an iPhone app AND can be launched from the Watch, include:
solstice
What3words
So maybe these do not need a companion app, but have the same Bundle ID as their iPhone app?
However, I’m still not sure why many stock Apple Watch apps are missing from the Watch. The most obvious answer is that I’ve got their Bundle IDs wrong, but I don’t think I have, given I extracted the bundle IDs from the App Store pages of the Apple WatchOS apps.
I noticed at this Apple Support page (https://support.apple.com/en-gb/guide/deployment/dep34c5cd30f/1/web/1.0) that there is no mention of whitelisting or blacklisting apps on WatchOS using MDM, yet something definitely happens on the watch when the configuration profile is installed on the iPhone. Furthermore, if I tap on a configuration profile, which comprises a blacklist, on my iPhone it will ask me if I want to install it on the iPhone or Watch. The same pop-up question doesn’t happen when the profile contains a whitelist.
All this to say, I’m massively confused as to why I can’t get this working. I’d really appreciate anyone’s advice which is bound to be expert.
Thank you
**Sales Tax** I would love to understand this and find a process I can follow to be successful. I'm pretty new to sales tax world. Has there been a successful process that anybody else follows and can share? To calculate sales tax and do this on a yearly basis? If you're collecting any sales tax through your app with Apple or Stripe etc.
For not only the US, but if your product is also in different countries. Again I don't really know this sales tax stuff and I'm trying to learn it as I go.
Hi,
I was trying to configure the Managed Wi-Fi Settings profile for a Mac device which is running on the Sonoma 14 OS (https://developer.apple.com/documentation/devicemanagement/wifimanagedsettings?language=objc). I wanted to enable admin authorization for turning Wi-Fi on/off, and for switching between Wi-Fi networks. I followed the docs and tried these restrictions in lower macOS versions (Monterey, Mojave), and they are being enabled on the device end. However, for Sonoma devices, the restrictions are not being enabled (even though the profile is being pushed to the device).
While looking around, I came across the fact that the airport CLI utility was discontinued recently (https://www.intuitibits.com/2024/03/14/goodbye-airport/, doesn't allow me to hyperlink). So does that affect the working of the Managed Wi-Fi device profile in any way?
Hi, we have Universal Links configured, but it only works with public URLs. In our environment we need to use managed mode - we don't have a public domain. We have found out that we need to set the AssociatedDomainsEnableDirectDownloads key in Intune. However, we are struggling with the right plist format. Has anyone configured it correctly?
When I trusted my certificate in 'Setting'->'VPN & Device Management', my device rebooted automatically.
After reboot, it showed that "developer of My Team is not trusted in this iPhone", but the app is "verified" in the second column.
The UI looks like:
iOS18 beta:
First Col: Trust "My Team"
Second Col: MyApp Verified
Other versions:
First Col: Delete App
Second Col: MyApp Verified
What's more, my app has plugins (extensions); my app can run normally while the extension is not able to be pulled up on iOS18 beta.
I have a service that can be accessed via browser extensions on Chrome and Firefox. I've had a request for Safari.
Setting up an account is done via a regular browser app; the browser extensions are free, but an account with API keys to use it is by subscription.
My question is: I assume Apple wants its share, is this correct?
The Safari browser extension requires an API key that is managed via our site. There is a subscription to use the service across different browsers and this is handled by our site, NOT the extension. There would be a link to the admin site in the extension.
In the case of organizational iPad devices, we need to have them in a more organized way via the homescreenlayout payload. We need to control the dock and the app library. We will be allowing certain apps on the device via allowListedAppBundleIDs, so we want to disable the recent apps in the dock and prevent apps from being duplicated in the app library, including recent apps and Siri suggestions. If there are more options to control the complete screen layout on the device, it would be helpful.
I am a spatial computing / XR and Human-Computer Interaction researcher from a private university. I am interested in using the Vision Pro's newly-exposed camera access to develop and evaluate new algorithms for computational perception. (WWDC session here: https://developer.apple.com/wwdc24/10139)
I understand this is targeted at large enterprises, but I would like to know if by some means as a researcher affiliated with an educational institution I could develop private for-development-only applications for the Vision Pro with the enterprise APIs enabled. The intent is not to publish apps, but rather to contribute to the research community through R&D.
However, to my knowledge, I would be ineligible as a normal "business" as I do not employ 100+ employees. I am an independent researcher, and on occasion, I collaborate within small research groups within my university that focus on this kind of camera-based perception algorithm development.
Could someone from Apple comment?
Thank you.
The same problem encountered with iOS 17 beta 1 and beta 2 is back:
Unable to create a secure connection to the server ("bad certificate format" -9,808).
Hello there!
I'd like to know if it is possible to use Apple Business Manager API to create an automation for user creation, please.
Thanks in advance.
I'm trying to figure out how to encrypt a configuration profile sent from an MDM.
There is a certificate sent to the MDM during the call to get configuration. Is this what I need to be using to encrypt?
And does this certificate use the UID mentioned in the below quote?
"The Secure Enclave includes a unique ID (UID) root cryptographic key. The UID is unique to
each individual device and isn’t related to any other identifier on the device."
I'm trying to figure out how to encrypt the Configuration profile sent to an iPhone, but can only find references to "use CMS" but nothing about what key/certificate I should be using to encrypt...
Can anyone point me in the right direction?