10:17:34.335397+0900 Process SpringBoard Bootstrapping failed for <FBApplicationProcess: 0x4d8eca700; app<com.a.b.c>:> with error: <NSError: 0x300a3d1d0; domain: RBSRequestErrorDomain; code: 5; "Launch failed."> { NSUnderlyingError = <NSError: 0x300a54090; domain: NSPOSIXErrorDomain; code: 85> { NSLocalizedDescription = Launchd job spawn failed; }; }

I am a developer working on iOS apps. I would like to report an issue occurring in iOS 26 beta 2. Our company has Enterprise account, and we are developing apps. When we distribute these apps, and install them on a device running iOS 26 beta2, apps install successfully, but apps crashed immediately after being launched. MDM Install Application When I install the app via Xcode and trust it, apps will run. Launchd job spawn failed This issue does not occur on versions prior to iOS 26. I would like to know if this is a problem that will be resolved in future updates, or if it is a policy change.

Subject: Questions Regarding Signing Certificates for MDM Configuration Profiles Dear all, I hope this message finds you well. I have some questions regarding the signing certificates used for MDM configuration profiles. Currently, our company uses an SSL certificate to sign MDM configuration profiles. However, with the announcement that the validity period of SSL certificates will gradually be shortened starting in 2026, we are considering alternative options for signing certificates. Through our internal testing and investigation, we have found examples of the following certificate chains being used: ・Developer ID - G1 (Expiring 02/01/2027 22:12:15 UTC) + Developer ID Application certificate chain ・Apple Root CA + Apple Worldwide Developer Relations Intermediate Certificate + MDM CSR certificate chain We would appreciate any insights or experiences you can share regarding the following points: Apple Support previously advised that "certificates issued by public certificate authorities (CAs) trusted by Apple" are recommended. The certificates listed at https://www.apple.com/certificateauthority/ are typically preinstalled on Apple devices. Are these considered "trusted public CAs" by Apple in this context? Is it acceptable in practice to use a certificate obtained from the “Certificates, Identifiers &amp; Profiles” section on developer.apple.com for signing MDM configuration profiles? We would be grateful to hear about any real-world experiences. If the answer to question 2 is yes, which certificate type within “Certificates, Identifiers &amp; Profiles” would be most appropriate for signing configuration profiles? If using certificates from question 2 is not suitable, are there alternative certificate types (other than SSL) that are valid for longer periods (e.g., more than one year) and appropriate for signing MDM configuration profiles? Apple's official documents do not seem to clearly specify what type of certificate should be used to sign MDM configuration profiles. If you know of any helpful documents or resources related to this topic, we would greatly appreciate it if you could share them. Thank you very much for your time and support. We would truly appreciate any advice or guidance you can provide.

We have Apple MDM running for more than 250 schools. We are looking to upgrade our MDM solution and looking as much help as we can get to boost it up. Anyone with experience can help?

I have enrolled a macbook through ADE to Apple School Manager and register it to the MDM service. Upon sending the initial DeclarativeManagement payload, the device return the client capabilities as below: "supported-versions": [ "1.0.0" ], "supported-payloads": { "declarations": { "activations": [ "com.apple.activation.simple" ], "assets": [ "com.apple.asset.credential.acme", "com.apple.asset.credential.certificate", "com.apple.asset.credential.identity", "com.apple.asset.credential.scep", "com.apple.asset.credential.userpassword", "com.apple.asset.data", "com.apple.asset.useridentity" ], "configurations": [ "com.apple.configuration.account.caldav", "com.apple.configuration.account.carddav", "com.apple.configuration.account.exchange", "com.apple.configuration.account.google", "com.apple.configuration.account.ldap", "com.apple.configuration.account.mail", "com.apple.configuration.account.subscribed-calendar", "com.apple.configuration.legacy", "com.apple.configuration.legacy.interactive", "com.apple.configuration.management.status-subscriptions", "com.apple.configuration.management.test", "com.apple.configuration.math.settings", "com.apple.configuration.passcode.settings", "com.apple.configuration.safari.extensions.settings", "com.apple.configuration.screensharing.connection", "com.apple.configuration.screensharing.connection.group", "com.apple.configuration.security.certificate", "com.apple.configuration.security.identity", "com.apple.configuration.security.passkey.attestation" ], "management": [ "com.apple.management.organization-info", "com.apple.management.properties", "com.apple.management.server-capabilities" ] }, "status-items": [ "account.list.caldav", "account.list.carddav", "account.list.exchange", "account.list.google", "account.list.ldap", "account.list.mail.incoming", "account.list.mail.outgoing", "account.list.subscribed-calendar", "device.identifier.serial-number", "device.identifier.udid", "device.model.family", "device.model.identifier", "device.model.marketing-name", "device.model.number", "device.operating-system.build-version", "device.operating-system.family", "device.operating-system.marketing-name", "device.operating-system.supplemental.build-version", "device.operating-system.supplemental.extra-version", "device.operating-system.version", "management.client-capabilities", "management.declarations", "screensharing.connection.group.unresolved-connection", "security.certificate.list", "test.array-value", "test.boolean-value", "test.dictionary-value", "test.error-value", "test.integer-value", "test.real-value", "test.string-value" ] }, "supported-features": { } } }, com.apple.configuration.softwareupdate.enforcement.specific couldn't be found. The macbook current OS version is 15.5 and it's supervised so looking at this, I assume it should include the Software Update:Enforcement:Specific capability? https://github.com/apple/device-management/blob/release/declarative/declarations/configurations/softwareupdate.enforcement.specific.yaml When I tried sending the payload to the device anyway the valid status is unknown

Recently, we have encountered some users who have been unable to open the enterprise signature application after upgrading to version 18.3.2, without an IPS file. Through system logs, we found that signature verification has occurred SecKeyVerifySignature failed: Error Domain=NSOSStatusErrorDomain Code=-50 "rsa_pub_crypt failed, ccerr=-7" UserInfo={numberOfErrorsDeep=0, NSDescription=rsa_pub_crypt failed, ccerr=-7} Waiting for the information, I will provide the obtained system logs below. The application package name that crashed is com. mobile. moa aa.txt new

I found a new Payload attribute LegacyAppConfigAssetReference in AppManaged introduced in iOs 18.4 beta. So I tried it, however no configuration is discoverted in the installed app. -- configuration { "Identifier": "8c2af0b6-5ae0-5927-a1cd-bab5e4148bb8", "Type": "com.apple.configuration.app.managed", "Payload": { "InstallBehavior": { "Install": "Required", "License": { "Assignment": "Device", "VPPType": "Device" } }, "AppStoreID": "535886823", "LegacyAppConfigAssetReference": "ac35558f-aefc-5faf-8f64-1faaff993b96" }, "ServerToken": "2abdc89492d89ca1a213ca61318ae0651c2b8de660c2847a44a3fb8ad9d9a8ad" } -- declaration/asset/ac35558f-aefc-5faf-8f64-1faaff993b96 { "Identifier": "ac35558f-aefc-5faf-8f64-1faaff993b96", "Type": "com.apple.asset.data", "Payload": { "Reference": { "DataURL": "https://i3-oreore-ios-mdm.azurewebsites.net/asset_files/eyJpZCI6IjNkOTg2YWVjNzQ1MWJiYWZlZjJmZGU1NmZmYmJlYjdkLnBsaXN0Iiwic3RvcmFnZSI6InN0b3JlIiwibWV0YWRhdGEiOnsiZmlsZW5hbWUiOiJFbmNvZGVkQ2hyb21lUG9saWN5RXhhbXBsZS5wbGlzdCIsInNpemUiOjMyMjUsIm1pbWVfdHlwZSI6ImFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSJ9fQ", "ContentType": "application/plist" } }, "ServerToken": "7433f7c0c991a1943636ff7bd8949e88738c684ecbde347ac8a9c5b5c19dda14" } -- And the data type of the managed app configuration is application/plist http https://i3-oreore-ios-mdm.azurewebsites.net/asset_files/eyJpZCI6IjNkOTg2YWVjNzQ1MWJiYWZlZjJmZGU1NmZmYmJlYjdkLnBsaXN0Iiwic3RvcmFnZSI6InN0b3JlIiwibWV0YWRhdGEiOnsiZmlsZW5hbWUiOiJFbmNvZGVkQ2hyb21lUG9saWN5RXhhbXBsZS5wbGlzdCIsInNpemUiOjMyMjUsIm1pbWVfdHlwZSI6ImFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSJ9fQ HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=31536000 Content-Length: 3225 Content-Type: application/plist Date: Tue, 18 Mar 2025 22:59:40 GMT X-Content-Type-Options: nosniff <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC '-//Apple//DTD PLIST 1.0//EN' 'http://www.apple.com/DTDs/PropertyList-1.0.dtd'> <plist version="1.0"> <dict> <key>EncodedChromePolicy</key> <string>PD94bWwgdmVyc2lvbj0iMS4wIiA/PjwhRE9DVFlQRSBwbGlzdCAgUFVCTElDICctLy9BcHBsZS8vRFREIFBMSVNUIDEuMC8vRU4nICAnaHR0cDovL3d3dy5hcHBsZS5jb20vRFREcy9Qcm9wZXJ0eUxpc3QtMS4wLmR0ZCc+PHBsaXN0IHZlcnNpb249IjEuMCI+PGRpY3Q+PGtleT5BdXRvRmlsbEVuYWJsZWQ8L2tleT48ZmFsc2UvPjxrZXk+Q29va2llc0FsbG93ZWRGb3JVcmxzPC9rZXk+PGFycmF5PjxzdHJpbmc+aHR0cDovL3d3dy5leGFtcGxlLmNvbTwvc3RyaW5nPjxzdHJpbmc+WyouXWV4YW1wbGUuZWR1PC9zdHJpbmc+PC9hcnJheT48a2V5PkNvb2tpZXNCbG9ja2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Db29raWVzU2Vzc2lvbk9ubHlGb3JVcmxzPC9rZXk+PGFycmF5PjxzdHJpbmc+aHR0cDovL3d3dy5leGFtcGxlLmNvbTwvc3RyaW5nPjxzdHJpbmc+WyouXWV4YW1wbGUuZWR1PC9zdHJpbmc+PC9hcnJheT48a2V5PkRlZmF1bHRDb29raWVzU2V0dGluZzwva2V5PjxpbnRlZ2VyPjE8L2ludGVnZXI+PGtleT5EZWZhdWx0UG9wdXBzU2V0dGluZzwva2V5PjxpbnRlZ2VyPjE8L2ludGVnZXI+PGtleT5EZWZhdWx0U2VhcmNoUHJvdmlkZXJFbmFibGVkPC9rZXk+PHRydWUvPjxrZXk+RGVmYXVsdFNlYXJjaFByb3ZpZGVyS2V5d29yZDwva2V5PjxzdHJpbmc+bWlzPC9zdHJpbmc+PGtleT5EZWZhdWx0U2VhcmNoUHJvdmlkZXJOYW1lPC9rZXk+PHN0cmluZz5NeSBJbnRyYW5ldCBTZWFyY2g8L3N0cmluZz48a2V5PkRlZmF1bHRTZWFyY2hQcm92aWRlclNlYXJjaFVSTDwva2V5PjxzdHJpbmc+aHR0cDovL3NlYXJjaC5teS5jb21wYW55L3NlYXJjaD9xPXtzZWFyY2hUZXJtc308L3N0cmluZz48a2V5Pk1hbmFnZWRCb29rbWFya3M8L2tleT48YXJyYXk+PGRpY3Q+PGtleT5uYW1lPC9rZXk+PHN0cmluZz5Hb29nbGU8L3N0cmluZz48a2V5PnVybDwva2V5PjxzdHJpbmc+Z29vZ2xlLmNvbTwvc3RyaW5nPjwvZGljdD48ZGljdD48a2V5Pm5hbWU8L2tleT48c3RyaW5nPllvdXR1YmU8L3N0cmluZz48a2V5PnVybDwva2V5PjxzdHJpbmc+eW91dHViZS5jb208L3N0cmluZz48L2RpY3Q+PC9hcnJheT48a2V5PlBhc3N3b3JkTWFuYWdlckVuYWJsZWQ8L2tleT48dHJ1ZS8+PGtleT5Qb3B1cHNBbGxvd2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Qb3B1cHNCbG9ja2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Qcm94eUJ5cGFzc0xpc3Q8L2tleT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZTEuY29tLGh0dHA6Ly93d3cuZXhhbXBsZTIuY29tLGh0dHA6Ly9pbnRlcm5hbHNpdGUvPC9zdHJpbmc+PGtleT5Qcm94eU1vZGU8L2tleT48c3RyaW5nPmRpcmVjdDwvc3RyaW5nPjxrZXk+UHJveHlQYWNVcmw8L2tleT48c3RyaW5nPmh0dHA6Ly9pbnRlcm5hbC5zaXRlL2V4YW1wbGUucGFjPC9zdHJpbmc+PGtleT5Qcm94eVNlcnZlcjwva2V5PjxzdHJpbmc+MTIzLjEyMy4xMjMuMTIzOjgwODA8L3N0cmluZz48a2V5PlNlYXJjaFN1Z2dlc3RFbmFibGVkPC9rZXk+PHRydWUvPjxrZXk+VHJhbnNsYXRlRW5hYmxlZDwva2V5Pjx0cnVlLz48a2V5PlVSTEJsYWNrbGlzdDwva2V5PjxhcnJheT48c3RyaW5nPmV4YW1wbGUuY29tPC9zdHJpbmc+PHN0cmluZz5odHRwczovL3NzbC5zZXJ2ZXIuY29tPC9zdHJpbmc+PHN0cmluZz5ob3N0aW5nLmNvbS9iYWRfcGF0aDwvc3RyaW5nPjxzdHJpbmc+aHR0cDovL3NlcnZlcjo4MDgwL3BhdGg8L3N0cmluZz48c3RyaW5nPi5leGFjdC5ob3N0bmFtZS5jb208L3N0cmluZz48L2FycmF5PjxrZXk+VVJMV2hpdGVsaXN0PC9rZXk+PGFycmF5PjxzdHJpbmc+ZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPmh0dHBzOi8vc3NsLnNlcnZlci5jb208L3N0cmluZz48c3RyaW5nPmhvc3RpbmcuY29tL2JhZF9wYXRoPC9zdHJpbmc+PHN0cmluZz5odHRwOi8vc2VydmVyOjgwODAvcGF0aDwvc3RyaW5nPjxzdHJpbmc+LmV4YWN0Lmhvc3RuYW1lLmNvbTwvc3RyaW5nPjwvYXJyYXk+PC9kaWN0PjwvcGxpc3Q+</string> </dict> </plist> Please note that this example plist is the same content as is described here: https://www.chromium.org/administrators/ios-mdm-policy-format/ After applying the declaration, the app GoogleChrome is successfully installed but no managed app configuration seems applied. MDMAppManagement.plist in the sysdiagnose is like below: plutil -p logs/MCState/Shared/MDMAppManagement.plist { "metadataByBundleID" => { "com.google.chrome.ios" => { "Attributes" => { "Removable" => 0 } "flags" => 1 "source" => "Declarative Device Management" "state" => 7 } "com.microsoft.skype.teams" => { "Attributes" => { "Removable" => 0 } "flags" => 1 "source" => "Declarative Device Management" "state" => 7 } } } I also tried with our private apps and not applied... How can we use this feature or check the configuration is applied? Thank you,

Hey everyone, Is it possible and how to get Managed Apple ID (email) programmatically for user signed in to ipad through shared IPad feature ? It would be good to have MDM independent solution, I mean API call to MDM service is not acceptable for us. Maybe API call to ASM or ABM, or get that somehow on iOS device end... any advice ? Thanks in advance, Dima

Hello Apple Developer Community, I am implementing the "Return to Service" feature with app preservation in our MDM solution (iOS 26+). My goal is to use the EraseDeviceCommand to securely erase user data while preserving managed apps, and then have the device automatically re-enroll without user interaction. What I am doing: The device is supervised and successfully enrolled in Automated Device Enrollment (ADE). The device has generated and escrowed a bootstrap token to our MDM server (SetBootstrapToken received). I am sending the EraseDeviceCommand to the device via MDM with the necessary parameters for Return to Service with app preservation. The command payload includes: Enabled: true The previously escrowed BootstrapToken (as Base64 data). WiFiProfileData (as Base64 data) to ensure connectivity post-erase. Example Payload Structure (Simplified): <key>ReturnToService</key> <dict> <key>Enabled</key> <true/> <key>BootstrapToken</key> <data>YOUR_BASE64_TOKEN</data> <key>WiFiProfileData</key> <data>YOUR_BASE64_WIFI_PROFILE</data> </dict> The observed behavior: The erase command is successful. The device performs the secure user data erase. Crucially, the managed applications are preserved and automatically installed again after the reboot (confirming app preservation is working). The device connects to the Wi-Fi network successfully. The issue: I am not seeing the GetBootstrapToken request from the device hit our MDM server's check-in URL during the post-erase setup assistant phase. The re-enrollment seems to complete, but this specific request is missing from our server logs. My questions: Is the GetBootstrapToken request an explicit check-in message type, or is it an implicit part of the general CheckIn process during ADE re-enrollment when the token is used? If the device successfully re-enrolls and preserves apps, is the explicit GetBootstrapToken request still expected? Or does the token included in the EraseDeviceCommand payload satisfy all authentication needs for this workflow? What specific conditions or capabilities on the MDM server side might prevent the device from sending this specific request, even if the overall process succeeds? Any insights from Apple engineers or other developers who have successfully implemented this flow would be greatly appreciated. Thank you!

m personal iPhone is managed by an Unauthorized and Unknown mdm management team, The profile isn’t showing up in VPN Settings and I can’t remove them from having Remote access and control over my Personal Device! I’ve SPENT MANY MONTHS TRYING TO GET SUPPORT VIA EMAILING APPLE DEVELOPER AND SPEAKING TO APPLE SUPPORT WHICH HAS BEEN EXTREMELY EXHAUSTING AND HUMILIATIN! I’ve resorted to contacting Internet crime websit, the federal trade commissio, Better business bureau and Consumer Affairs to file an online complaint against Apple for not complying with their Security and Privacy policy for consumers accounts! Because of this unauthorized and unknown mdm device management profile I don’t have COMPLETE CONTROL OVER MY OWN IPHONE! ! Unable to find a team with the given Team II 'L95TAW5KWP' to which you belong. Pleas Developer Program Support. https://developer.apple.com/support I contacted developer support via email and also tried calling but they don’t respond!

Hello, We're testing the new allowedExternalIntelligenceWorkspaceIDs key in the MDM Restrictions payload on supervised iPads. According to Apple's documentation, this key expects an "external integration workspace ID", but it's not clear what this specifically refers to. We've tried the following IDs individually (one at a time, as documentation says only one is supported currently): OpenAI Organization ID ChatGPT user email Apple ID used in ChatGPT Google ID used in ChatGPT login The profile installs correctly via MDM and the key is set, but we want to confirm: What exactly is considered a valid "external integration workspace ID" for this key? Is there a way to verify that the restriction is working as intended on the device (e.g. does it limit specific integrations or apps)? Is there an official list of services that currently support this? Any clarification from Apple or other developers with experience on this would be very helpful. Thanks in advance.

Hello, We have implemented support for our app to work with MDM. Basically the app needs to read the custom configuration with UserDefaults.standard.dictionary(forKey: ‘com.apple.configuration.managed’) in order to be functional when in an MDM. The issue is that in the app review process we are told that: "Guideline 2.1.0 - Information Needed We are still unable to access the app's Mobile Device Management (MDM) functionality. Provide a demo MDM profile and corresponding login credentials that we can be used to access the MDM features and functionality." How do we create a demo MDM profile? Our app only needs to be passed configuration information and we have used Apple Configurator to create a profile, we have added information but it still doesn't work. Here is an example of the .mobileconfig file we have generated, but when we install it on our device, the app does not return any value using UserDefaults.standard.dictionary(forKey: ‘com.apple.configuration.managed’). <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadDisplayName</key> <string>App Name</string> <key>PayloadIdentifier</key> <string>com.xxx.yyy.TESTUUID</string> <key>PayloadType</key> <string>com.apple.ManagedAppConfiguration</string> <key>PayloadUUID</key> <string>TESTUUID</string> <key>PayloadVersion</key> <integer>1</integer> <key>ManagedAppConfiguration</key> <dict> <key>MyFirstKey</key> <string>value1</string> <key>MySecondKey</key> <string>value2</string> </dict> </dict> </array> <key>PayloadDisplayName</key> <string>Test Profile</string> <key>PayloadIdentifier</key> <string>payloadid.TESTUUID2</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>TESTUUID2</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist> On the other hand, about 3 weeks ago we requested the MDM capability for the app (https://developer.apple.com/contact/request/mdm-capability) but we have not received any response. We are at a bit of a loss.

When an iOS 26.0 device is prepared in supervised mode, wifi connection screen is showing when the device is restarted. This wifi connect appears always on restart. I have tried using Apple Configurator GUI and Command line (cfgutil) command. In both cases, The behavior Wifi screen is showing up on restart for supervised mode. Cfgutil command: cfgutil -C {Certificate} -K {Key} prepare --supervised --name {NAME} --host-cert {Certificate} --skip-all Note: In non-supervised mode and other iOS, the wifi screen is not showing. Apple Configurator version: 2.18 iOS version: 26.0 Device model: iPhone 11 and above. Anyone else facing this issue? Any help is super appreciated.

Hello, this may not be the correct place to ask this question so I apologize in advance if this is the case. We are currently having some issues when attempting to restore device back ups via iCloud that where previously enrolled to our MDM solution, as upon the restore no app data seems to be persisted over (we have tested restoring the backup on the same device and we have been able to have data persist between wipes) On the initial device we have ensured that the restrictions allowCloudKeychainSync allowManagedAppsCloudSync are set to true, and can see that the initial devices back up has the app data backed up, yet despite this data is not persisted when restoring from back up on a new device. On the device where the back up was initially done when restoring the applications are applied but indicated that they must be re-installed via our management console, once the app has been uninstalled and reinstalled the old data does show up, when applied to the new device our mdm solution pushes down the app.managed config but the device treats it as a new install. Could this possibly be due to us using Device Licensing when assigning apps? Or is it due to the intial device only performing a token update request when restoring and the new device going through the entire checkin proccess? Both devices are provisioned via DEP, and applications where assigned initially via VPP Any insight on this would be useful (For reference this is an MDM solution of our own making so we are attempting to sus out if there is a configuration issue we could be overlooking).

In iOS 26.1 beta 4, under MDM restrictions that disable the camera via a configuration profile, the Camera and FaceTime apps are hidden as expected. However, other third-party apps can still access and use the camera function normally. This is unreasonable.

Hello, I've noticed some unexpected behavior when updating a user's FileVault password. The set up: All actions are performed in virtualized macOS 14 and 15.5 guests on a 15.5 Apple Silicon host. FileVault is enabled. sjsp is a standard user with a Secure Token. The Mac is bound to AD, and the domain is reachable. Reproduction: systemctl -secureTokenStatus sjsp shows it's ENABLED. fdesetup remove -user sjsp fdesetup add -usertoadd sjsp systemctl -secureTokenStatus sjsp shows it's DISABLED. Surprisingly, sjsp is still able to unlock FileVault. Looking at unified logs for opendirectoryd and fdesetup, I see that a password change is being attempted in response to fdesetup add, which is unexpected. default 13:34:41.320883+0100 opendirectoryd Changing password for <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784) info 13:34:41.321317+0100 opendirectoryd No unlock record exists for E5CC46D7-0C1F-4009-8421-9AA8217CB784 info 13:34:41.321331+0100 opendirectoryd <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784) is not a SecureToken user: no unlock record default 13:34:41.321341+0100 opendirectoryd Changing password for <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784): user <private> SecureToken, only new password provided, credential <private> default 13:34:41.321454+0100 opendirectoryd Changing password for <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784) with no existing unlock record info 13:34:41.321857+0100 opendirectoryd No unlock record exists for E5CC46D7-0C1F-4009-8421-9AA8217CB784 default 13:34:41.321873+0100 opendirectoryd Record <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784) is eligible for SecureToken default 13:34:41.322637+0100 fdesetup DMAPFS cryptoUserForMacOSUserForVolume DMErr=-69594 retErr=-69594 outAPFSCryptoUser=(null) default 13:34:41.322699+0100 opendirectoryd While changing password for <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784): Not adding SecureToken; other unlock records exist, but no existing unlock record provided If I disconnect the network and follow the reproduction steps then the Secure Token is retained. Reconnecting and waiting a while doesn't cause the Secure Token to be lost. There are no log entries about attempting to change the password. Any help or explanation would be appreciated, thanks in advance.

Microsoft are retiring the “Azure AD Graph API”. We allow the use of Apple email apps in our M365 tenant via the “Apple Internet Accounts” Entra ID Enterprise Application, however this is using the “User.Read” permission from this retiring “Azure AD Graph API”. My concern is that Apple email app’s will stop working in our tenant when Microsoft retire the “Azure AD Graph API” and this permission is removed, as this is an Apple managed Enterprise Application, we have no method of changing the permissions ourselves. I have not been able to find any information on how the “Apple Internet Accounts” Entra ID Enterprise Application can be updated to use the required, newer “Microsoft Graph API” “User.Read” permission. It is not possible for us to change the permissions on the “Apple Internet Accounts” Entra ID Enterprise Application in our tenant, my assumption is that Apple would need to deploy a newer version of Email app that uses the newer “Microsoft Graph API” “User.Read” permission, and we would then need to consent the use of this new permission in our tenant. I would have thought Apple would have deploy this by now, but we have not seen any consent requests. Does anyone have any information about how Apple are handling this Microsoft change and how we can pre-emptively update the “Apple Internet Accounts” Entra ID Enterprise Application to ensure that Apple email client continue to work in our tenant? Many thanks.

Hi, I was looking for advice on the suitable mac to get for a web app development project for university . Would an Apple MacBook Air 2020 M1 8GB RAM 256GB SSD 13.3" macOS Big Sur, be sufficient ?? Or would I need a newer version !

Hello ! Currently, we have customers who use about 5,000 devices. In the case of ios26, the phone number is not acquired overall, and 18.x, 17.x, and 16.x are all acquired in half and not acquired in half. https://developer.apple.com/documentation/devicemanagement/deviceinformationcommand/command-data.dictionary/queries-data.dictionary It seems that it is the right behavior not to acquire it on the specification sheet. However, I wonder when it became impossible to acquire. (There are devices that can be acquired and devices that can't be acquired in the same os version.) Will the devices that are being acquired be blocked someday? When it was developed in 2019, it was in a state that could be acquired in full. I would also like to ask if there is an alternative way to get your phone number. Thank you.

Hello everyone, I recently changed the phone number associated with my Apple ID (about 4 days ago), but I’m still receiving the two-factor authentication verification codes on my old number instead of the new one. Has anyone experienced this? Is there a delay on Apple’s side, or is there something else I need to do to complete the update?