Hi guys, I need to configure a VPN to work only for specific apps. I already have a supervised iPhone, and I’ve successfully configured the VPN, but right now it applies to the whole phone. I need it to work just for some apps. I tried using both Apple Configurator and iMazing, but I can’t find this option there.

I created a provisional profile from apple developer portal for my iOS app. The expiry date shown in the profile is 21-April 2026. However, when I build the app with this provisional profile the expiry date shown in the app is 11 Dec, 2025. My iOS distribution certificate expires only in November 2026. I see a embeded.mobileprovision profile inside the app, and it has an expiry of 11-Dec-2025. I did a clean build,, cleared unnecessary profiles from profile folder, created a new provisional profile and tried, but nothing seems help. We have a few apps, and no other app has this issue. We do annual release of all apps together for provisional profile renewal. As this app expiry is different, it will cause lot of difficulty for us next year. Will you please help me to resolve this issue? Thanks.

I found that "search" endpoint is recently added to api.ent.apple.com : https://developer.apple.com/documentation/devicemanagement/get-catalog-search-results However it seems we cannot find custom apps using this API even with sToken. Is it not suppoted yet? Thank you

Three months ago I molded a mold program. I believe could be tweaked and tried unlined zero code. swear. anyway I would like to scale with some people if I can go to commercial area code phoned series and calls.and if I have rights. but my next moves for them. on iOS I think they should have a seri settings. where they can call seri.on settings, and it jump many codes-and navigation is hard. plus I think seri can help in settings expecially since seri settings is verbal drop. if the words fit or are similar it cues goes to but you have to hard call the switch.so there’s no hey no Sami where you setting no Sammy right I think it could skip cauldron and everything verbally either. Seri settings I think iOS should try it.

I work at a school in NYC and have a software idea that could better support the new NYC phone ban law than current market options (i.e. Yondr pouches). Right now at my school, students and staff scan a QR code upon entering the building to indicate that they are in the building. They scan again on the way out to indicate they've left the building. This is super helpful for attendance, particularly in emergency situations (fire drills, etc). Imagine if when students scanned their QR code, it also activated an app similar to Opal or ScreenZen, but with an admin preset whitelisted apps. The idea is that this app would default deny access to all apps on students' phones except the admin preset whitelisted ones such as Phone, Calculator, etc. Depending on the age/needs of the student, other apps like Spotify, or medical apps could also be whitelisted. My question is -- is this idea possible to create? We would need admin preset controls to create the preset whitelist. We can't have students picking their own restrictions, as we know most would opt to not restrict at all. We would need an admin dashboard so teachers/admin can see which students have activated the app in the building, and which may be trying to sneakily avoid it. We would ideally need to be able to whitelist both system apps like Phone and Calculator, as well as non-system apps such as Spotify (and medical apps -- we have some students who manage/monitor their Diabetes with an app). I don't have a background in software. I'm a math and health teacher. I've experimented with trying to have friends who majored in CS to create this app for me, but they've all either struggled/lost interest. So I'm also looking for a business partner in this venture. If anyone has any guidance here, it would be so helpful! My boss (Head of School) is super interested in this idea and significantly prefers it to every other alternative that he has encountered. The problem is this idea does not exist yet! Note: I know this is a super similar idea to the app and product "Brick". Notably, though, Brick does not have the ability for admin preset controls, or the admin dashboard. We reached out to the company to see if they're create this for us and they said it's a back burner idea that they're aware of, but it's not a priority for them right now. Thank you for any guidance!

Hi Apple Team & Community, The new Introduction of Platform SSO during ADE Enrollment is Great And we tried implementing this. As a Rule mentioned in the Documentation Initially MDM Server should send 403 response with Response Body adhering to ErrorCodePlatformSSORequired when HTTP Header for MachineInfo request contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true There are contradictory claims mentioned in Document, In Process Platform SSO Required Response it is mentioned that MDM Server should send body as JSON Object for ErrorCodePlatformSSORequired Example below >>>>> Response HTTP/1.1 403 Forbidden Content-Type: application/json Content-Length: 558 { "code": "com.apple.psso.required", "description": "MDM Server requires the user to authenticate with Identity Provider - BY MEMDM", "message": "The MDM server requires you to authenticate with your Identity Provider. Please follow the instructions provided by your organization to complete the authentication process - BY MEMDM", "details": { "Package": { "ManifestURL": "https://platform-sso-node-server.vercel.app:443/manifest" }, "ProfileURL": "https://platform-sso-node-server.vercel.app:443/profile", "AuthURL": "https://platform-sso-node-server.vercel.app:443/auth" } } But in the same Document a Sample HTTP Response was Provided but seems to be XML format as below >>>>> Response HTTP/1.1 403 Forbidden Content-Type: application/xml Content-Length: 601 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Code</key> <string>com.apple.psso.required</string> <key>Details</key> <dict> <key>ProfileURL</key> <string>https://mdmserver.example.com/psso.mobileconfig</string> <key>Package</key> <dict> <key>ManifestURL</key> <string>https://mdmserver.example.com/psso-app.plist</string> </dict> <key>AuthURL</key> <string>https://idp.example.com/authenticate</string> </dict> </dict> </plist> From Github I assume that both Response Types are welcomed hence I tried with Both Followed in JSON Mode, I redirected the HTTP request if MachineInfo contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true to https://platform-sso-node-server.vercel.app/redirectedDEPJSON Followed in XML Mode, I redirected the HTTP request if MachineInfo contains MDM_CAN_REQUEST_PSSO_CONFIG and set to true to https://platform-sso-node-server.vercel.app/redirectedDEPXML In both Response Modes OS is not proceeding after and a error Stating Enrollment with Management Server Failed , Forbidden request (403) appears Can someone kindly guide on where I missed, or is this any OS Bug in Tahoe 26?

this issue is posted on Community multiple times. I am here out of desperation after opening a case on IT support. when a user fills out their application, uploads resume - all of that info is saved. however, when you click "submit," the button does not work. I (along w/tons of other ppl) have tried all the usual remedies: clear cache, try different browsers, try different networks, try different devices - NOTHING WORKS. this is maddening b/c it is affecting my life and career. this is an urgent need. it is also disappointing that there is no tech support for the Careers site! this was confirmed by IT support today, they could not find anything and sent me here instead. please help! I was an apple contractor last year and want to come back but can't even submit my application.

I'm currently implementing a managed app using the new AppConfig specification. I referred to Apple's official documentation: Specifying and decoding a configuration. Based on the example provided in the "Publish your configuration specification" section, I structured my application configuration plist like this: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>configuration</key> <dict> <key>account</key> <dict> <key>username</key> <string>test user</string> <key>password</key> <string>test 123</string> </dict> <key>domain</key> <string>test example.com</string> </dict> </dict> </plist> When I deployed this configuration via my MDM server, the server reported valid for the activation, configuration and asset (which is the plist), but the configuration did not reflect or apply within my app. My app was unable to retrieve these settings. After some troubleshooting, I found that removing the top-level <key>configuration</key> wrapper resolved the issue. The following plist structure successfully pushed the configuration to my app: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>account</key> <dict> <key>username</key> <string>test user</string> <key>password</key> <string>test 123</string> </dict> <key>domain</key> <string>test example.com</string> </dict> </plist> My question is: Is the inclusion of the <key>configuration</key> wrapper (as shown in the Apple documentation example) incorrect for the current AppConfig implementation? Or is this structure intended for a future release (e.g., iOS 26 or beyond) and the documentation implicitly refers to it, causing confusion for current implementation? Any clarification would be greatly appreciated! Thank you!

Hello all, I’m hoping someone here has gone through the process of integrating an ERP system with the Apple GSX API and can offer some guidance. We’re currently working with an AASP who asked us to integrate our ERP with the Apple GSX API. It’s the first time for both of us, and we’re a bit stuck on how to properly get started. The AASP contacted their regional manager, who confirmed that an NDA and an Apple Developer Account would be necessary. However, he hasn’t handled this type of integration before and is still seeking internal guidance. That was a few months ago, and due to his workload, the AASP hasn’t heard back from him yet. Meanwhile, we’ve already enrolled in the Apple Developer Program and opened a support case, but we’ve been redirected to the forums since our case goes beyond standard support. So now we’re trying to understand: What steps need to be completed by the AASP? What are the steps we, as the ERP provider, need to take in order to receive API access? Are there any specific documents, applications, or technical requirements we should prepare in advance? We’d really appreciate any guidance or insight from others who have gone through this process — or even partial answers to help us move forward. Thanks in advance for your time!

Hi, I’m an enterprise developer, and we distribute our internal iOS app through a direct download link on our company website (not via App Store or TestFlight). The app is properly signed and works fine on most devices including iPhones and regular iPads. However, on iPad Pro 11-inch (4th generation), the app crashes immediately upon launch when installed via the website. Interestingly, if we install the exact same app via Xcode, it runs without issue on the same device. We also tested a third-party enterprise app called "Taipei On", and it showed the same crash behavior when installed via direct web download on the same iPad model. This leads us to believe the issue may be more widespread or specific to this iPad Pro model or recent iOS versions. Furthermore, some of our users with iPhone 15 devices have started experiencing similar crashes recently, even though they had no issues before. Is this a known issue related to enterprise app distribution or IPA installation behavior on certain devices? Any advice or insight from the Apple team or other developers would be appreciated. Thanks!

We have an office application used internally within our enterprise. The Provisioning Profiles (PP) for the app were about to expire, so we updated the PP and released a new version. However, we've encountered an issue where some users did not update their phones in time. After the app expired, they found it unusable and downloaded the new version, but the newly downloaded app also crashes on launch. Restarting the phone does not resolve the issue, and this primarily occurs on iOS 18.3.2. What could be the cause of this problem, and how should we address it?

I want to side load a .ipa file from a Mac to iPhone connected to Mac via USB. I don't want to use ABM or enterprise account. Also these can be any number of unknown devices. Is there any way to set this up automatically?

"To receive payments from Apple, you must add a bank account." As an Apple "Individual" developer, can I accept payments to my corporate card?

Is there any mechanism to restrict camera usage on a user-owned device, once they have opted in, consented to the restriction, and installed a management profile? Documentation suggests it was possible with allowCamera, but has be deprecated on unsupervised devices. Am I understanding correctly that it's simply not possible anymore unless the device is supervised?

Hi everyone, I’m working as an IT engineer in the cruise industry and need to troubleshoot passenger complaints about Apple’s new RCS messaging feature (introduced with iOS 18). Could someone help confirm which domains and ports iPhones use when they send RCS messages? My firewall team wants specifics: domains (or subdomains) that need whitelisting and the ports involved. Any official or community-sourced info would be super helpful—thanks in advance!

My company signed the application with enterprise certificate, the Provisioning Profile expired on March 20, 2025. Some iPhones didn't update the application before the expiration. We have update the Provisioning Profile and repackaged application. However, these iPhones still can't use the application after reinstalling the new ipa. After opening the application, the screen is blank and then flashes back without any error prompt. Restarting iPhone didn't help.

Hi everyone, I’m working as an IT engineer in the cruise industry and need to troubleshoot passenger complaints about Apple’s new RCS messaging feature (introduced with iOS 18). Could someone help confirm which domains and ports iPhones use when they send RCS messages? For the fortigate and palo alto firewalls I need specifics: domains (or subdomains) that need whitelisting and the ports involved. Any official or community-sourced info would be super helpful—thanks in advance!

I'm working on the companion iOS app for my purpose-built MDM system. when I use the following in a .swift file: import DeviceManagement I get the build issue: No such module 'DeviceManagement' When I attempt to add the framework in the Frameworks, Libraries, and Embedded Content settings, DeviceManagement doesn't even show up in the available frameworks. Alll the documentation I can find suggests that is the correct framework to import, but I'm new to this and not sure if I'm just missing something. Some AI help is suggesting that the culprit might be v16.x of Xcode, but I don't know enough to prove that correct or not. Any ideas on why Xcode believes there is no such module? Is there documentation that might help me learn how to make that framework available for my project?

Hello All, I am currently developing a mobile management system using declarative management and for the most part it is pretty great. There is one consistent issue I have run into and it comes when testing VPP app installs with not enough licenses. When my server detects that it can't provide a license ID it will return a 404, which causes the rest of the DM syncing to stop, and the activation to throw an error. Per the documentation for using simple activation: An array of strings that specify the identifiers of configurations to install. A failure to install one of the configurations doesn’t prevent other configurations from installing The above would imply that if a config fails it should not affect anything else (aside from possibly reporting an error. Am I returning the wrong error code for it to continue or is the behavior correct and the documentation is wrong? Any additional info would be useful

Hi Team, Could you please share how to change/extend the expiry date of the existing iOS Distribution (In-House) certificate? Since the membership renewal date is in March 2026 and the iOS distribution(In-House) certificate expiry date is in Feb 2026. We use to distribute the mobile apps using the product intunes (Company portal) and via direct download link. Please suggest since this certificate is used by multiple mobile apps by the users which can affect lot of iPhone users? Thank you in advance Deepak