We’re using the Apple Developer Enterprise Program for internal app distribution. The Apple ID is a generic one using our domain email, but the Account Holder is a real person with authority in the organization. For the payment method, we plan to use a corporate credit card — but it is issued under a different staff name (e.g. card under Chief, but Account Holder is IT Head). Just want to check: • Is this setup acceptable? • Will Apple reject the enrollment/renewal if the card name doesn’t match the Account Holder? • What’s the best practice in this case to avoid delays or verification issues? Appreciate any guidance or experience from the community. Thanks!

We have been trying to figure out how to block Apple Private Relay in our enterprise so we can monitor and filter our employees traffic. We are able to block the Private Relay via this process: We used this article from Fortinet to achieve this: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-iCloud-Private-Relay-from-bypassing/ta-p/228629 This also appears to block the users ability to utilize Apple iCloud Drive Backups. They would like to allow that still. Is there a way to block iCloud Private Relay while still allowing iCloud Drive Backups to work? I am not finding a document listing the URL requirements for iCloud Drive Backups. We currently have this solution in place: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-allow-iCloud-private-relay/ta-p/383703 Basically this solution is allowing all Apple URL/IPs to go through the firewall and not be filtered. They would like to scan the traffic through. When scanning is enabled the firewall blocks the iCloud Private Relay traffic as it is blocked as being a proxy. Any guidance is greatly appreciated.

Hey. If i have a new idea for apple how can i reach out for you?

In the RequestRequiresNetworkTether property, the definition of “network-tethered” is unclear, and there seems to be a discrepancy between the actual behavior and the description in the documentation. We would like to clarify the definition of the connection state that “network-tethered” means and the specific behavior requirements when the property is set to true. Explanation of the document The description “If true, the device must be network-tethered to run the command. I was not sure whether it refers to “network connection” or “tethered communication” as the Japanese translation. Actual operation verification results The error message was “The device is not tethered. (MDMErrorDomain:12081)”. Error occurs when only carrier communication is used The following connection conditions work normally (as in the case of false) Wifi communication Combination of carrier communication and Wifi communication Tethering communication Combination of carrier communication and tethering communication Tethering connection (both parent and child devices) Inconsistencies Although the document description could be interpreted as a simple network connection requirement, actual operation is limited only to carrier communications alone Error message uses language regarding tethering, but actual tethering connection works fine

I have created a configuration profile which basically just turns off notifications for Shortcuts app but I am unable to install it on my iPhone as I am getting the following error “This profile can be installed on a supervised device only” can someone please help me with this? Would also appreciate if you have another way to turn off shortcuts notifications permanently since when I turn it off via screen time it keeps turning itself ON every couple of days.

short version question: why some users after deleting and downloading back my in-house app, cannot start the new process for approving developer, but instead it tries to start and then crashes immediately? long question version I am maintaining an in-house distributed enterprise app. due to update in iOS 18 update here users need to trust the developer via a new procedure that involves restarting device and inserting the phone code. after thousands (more or less 30.000) of users with no issue at all, some of them has this problem, the old (expired)trust seems to be persistent and never updated. Standard events a user deletes the app via settings > general > VPN & device management or via classic persistent touch procedure checks no other presence of the app is on the device via spotlight. since it is the only app with "MyDeveloperName" on the phone, if users goe back to VPN & device management screen, no app or developer will be present. user downloads new version of the app. If taps directly on the icon there is a system alert with says the developer must be trusted. a this point in settings > general > VPN & device management you can find a line with developer name, tapping on it we find a screen where user finds a white button with BLUE message "authorize MyDeveloperName" and follows procedure. My issue is that some users get following different behavior, and I do not understand why: ❌ tapping on downloaded app icon: no alert, but app tries to start then crashes. ❌ going in VPN & device management screen there is only RED write button "delete app" in both paths, working and not working, the app results "verified" in VPN & device management screen (Apple says old authorizations are preserved.)

May I know the checking mechanism for the ios Provisioning profile? Is my Apple app distributed by MDM inside the organisation? If the Provisioning profile is expired , what is the behaviour when user run the App and how to perform the checking mechanism , is it performed at user client side device or Apple server via online access.

Hello, We are currently deploying Apple devices in our organization using Apple Business Manager (ABM) and are looking for a long-term self-hosted MDM solution. We initially considered MicroMDM, but since official support will end in December 2025, we are evaluating NanoMDM. I would like to confirm: Is NanoMDM a stable and production-ready option for long-term use with Apple Business Manager and Automated Device Enrollment (ADE)? Does NanoMDM support all essential features like: Supervision Remote wipe App deployment Configuration profiles Are there any limitations or known issues with using NanoMDM? Are there any other open-source or lightweight MDM solutions Apple developers recommend that are actively maintained? We are aiming for a reliable, secure, and future-proof self-hosted MDM setup. Any guidance or shared experience would be greatly appreciated. Thanks, Vijay Pratap Singh

Hello, I am building a Content Filter app for iOS and would like to get access to some information about network connections that are happening on the device. I managed to have the handle(_ report: NEFilterReport) method of my NEFilterControlProvider called, but the bytesOutboundCount and bytesInboundCount properties of the report are always 0. How can I have the real byte count of the connection ?

I am needing to access the ABM API via C#. Searching has directed me to use BouncyCastle. I have downloaded the PEM file. However, using the following: using (var reader = File.OpenText(pemFilePath)) { var pemReader = new PemReader(reader); var keyObject = pemReader.ReadObject(); I get the error "problem creating EC private key: System.NullReferenceException: Object reference not set to an instance of an object."

I am trying to find clarification on something. We are seeing strange cases where customer devices seem to unenroll themselves after a period of MDM inactivity. This seems to tie into roughly when their identity certificate has expired. We can't confirm this because the device has since unenrolled. Is there any case where an Apple device will automatically unenroll if it's identity certificate has expired? This doesn't always seem to happen - I had a device respond immediately after being switched off for a year - but could this be down to some devices being DEP enrolled and others manually enrolled?

As we know, we can't add restrictions payload in the mobileconfig when registing the device. We are developing MDM by ourselfs, met some trouble. Please help.

I encounter a connection error with Apple Configurator v2.18 when, after making changes in macOS Sequel 15.6.1, I want to apply and transfer the changes to the iPhone icon layout in iOS 26: Apple Configurator v2.18 crashes and returns an error message: ‘Try the operation again. If it fails, quit the application, launch it again, and try again. [NSCocoaErrorDomain – 0x1001 (4097)]’ I have done some research, and it seems that this bug has been identified and fixed in Apple Configurator 2 v2.19 (Build 10434). Have you encountered this problem? Do you know where to find version v2.19? This fixed version does not appear to have been released yet, and Apple support has been unable to help me. Thank you all for your help.

Hi everyone, I’m sharing this because I’ve been stuck with this issue for over two weeks, and I still haven’t found a solution — or received a meaningful response from Apple Support. A yellow banner has appeared on my account saying: “The Apple Developer Program License Agreement has been updated and needs to be reviewed.” But here’s the problem: I’ve already accepted the latest agreement long ago. When I log into both: App Store Connect Developer Portal …there’s no new agreement to accept, no prompt, no button — absolutely nothing new. The yellow banner simply refuses to go away, and it's preventing updates. I’ve already: Cleared cache & cookies Tried Safari, Chrome, Firefox Logged in from different devices/networks Verified that I am the Account Holder Reported the issue via Apple Developer Support (more than a week ago) Despite clearly stating the urgency of the matter, I’ve received no fix and no timeline. This is beginning to feel like developers’ time — especially for those who depend on timely releases — isn’t being taken seriously. So I’m writing here to ask: 🔹 Has anyone else encountered this same issue recently? 🔹 Is there any known workaround or fix? I’d appreciate any help or shared experience. Thank you.

We have a WebContentFilter that has an AllowList with a couple of domains and a DenyList that includes www.apple.com. This works on iOS18.x but doesn't work in iOS26 as www.apple.com can be reached. https://support.apple.com/en-gb/guide/deployment/depc77c9609/web Indicates that .apple.com is always accessible but evidence seems to indicate this wasn't the case pre iOS26. An older version of this page https://web.archive.org/web/20220427202204/https://support.apple.com/en-gb/guide/deployment/depc77c9609/web has no mention of .apple.com although field names are also different. Has this change come about due to the filtering changes introduced in iOS26 and is there any way we can still block .apple.com going forward. Would a content plugin be an options ?

It seems like there are some "mixed messages" out there about what should be in OID 1.2.840.113635.100.8.11.1 in the attestation cert. Is it just a SHA256 hash of the nonce issued by the ACME server? The MDM profile yaml says: "In the attestation certificate the value of the freshness code OID matches the nonce specified by the ACME server via the ACME protocol." I'm hoping the difficulty we're seeing is down to the certificate being created once (and not again for 7 days). Otherwise, we're not decoding/understanding the OID's contents properly. Thanks.

I tried the new feature of macOS 26.0 com.apple.configuration.app.managed. A configuration and its activation are defined with the data like this. InstallBehavior: Install: Required License: Assignment: Device iOSApp: true AppStoreID: '1113153706' After distributing the configuration with DeclarativeDevicement MDM command, an error is notified via status channel app.managed.list. "managed": { "list": [ { "state": "failed", "declaration-identifier": "1424a813-113f-5de0-9a75-38bf64f22673", "identifier": "com.microsoft.skype.teams", "name": "Microsoft Teams" } ] } What am I missing in the settings? Thank you

Apple face app is used to fore video calling and chatting and voice calling AP same a what’s app tango etc…

Steps to Reproduce Step 1: Fetch Initial Device List Called the device list endpoint to retrieve all devices and saved the cursor: GET https://mdmenrollment.apple.com/server/devices Step 2: Modify Devices Added and deleted several devices via https://business.apple.com/ Step 3: Sync Without Pagination Called the sync endpoint using the cursor from Step 1 (no limit): GET https://mdmenrollment.apple.com/devices/sync?cursor={step1_cursor} Result: Returned 3 device records as expected: { "devices": [ { "serial_number": "F70JJ4C16L", "op_type": "added", "op_date": "2025-12-11T07:05:05Z" }, { "serial_number": "F70JJ4C16L", "op_type": "deleted", "op_date": "2025-12-11T07:04:36Z" }, { "serial_number": "C8RWGXZXJWF5", "op_type": "deleted", "op_date": "2025-12-11T07:04:52Z" } ], "more_to_follow": false } Step 4: Sync With Pagination (First Page) Called the sync endpoint using the same cursor from Step 1 with limit=1: GET https://mdmenrollment.apple.com/devices/sync?cursor={step1_cursor}&limit=1 Result: Returned 1 record with more_to_follow: true — indicating more data exists: { "devices": [ { "serial_number": "F70JJ4C16L", "op_type": "added", "op_date": "2025-12-11T07:05:05Z" } ], "more_to_follow": true, "cursor": "MTowOjE3NjU0MzgyNDI5ODc6..." } Step 5: Sync With Pagination (Second Page) Called the sync endpoint using the cursor from Step 4 with limit=1: { "devices": [], "more_to_follow": false } Expected Behavior When paginating with limit=1, the API should return all 3 records across 3 sequential requests. Actual Behavior Without pagination: Returns 3 records ✓ With pagination (limit=1): Returns only 1 record, then empty array ✗ 2 records are missing when using pagination. Impact This inconsistency makes the sync API unreliable for incremental device synchronization workflows.

I came across this tool that enables supervised mode on iOS without resetting the data. it's essentially a macOS with a unix executable file underneath. a quick guide of how it works is here https://www.techlockdown.com/guides/enable-supervised-mode-iphone I would appreciate any guidance on how to recreate this, as this is behind a paywall, and would like to offer something similar for free to people who want to restrict their families devices.