Mobile Device Management

Prevent modifying device date and time settings

Mahesh's picture
Your rating: None (2 votes)

How to prevent users from changing or modifying device date and time settings? There is no existing provision in MDM too. As an MDM provider, we get this a lot from our customers. They want to prevent their users from changing device date and time to manipulate their enterprise apps. Otherwise which is a good alternative right now? How to use network server time for such apps?


Deploying Packages to macOS with MDM

taylor's picture
Your rating: None (2 votes)

Though this community centers on iOS management, I thought it worthwhile to share a recent writeup from our blog. It's on deploying PKG files to macOS computers using an MDM. Traditionally, this has been accomplished only with third party management software installed on the local computer.

Article: Distribute macOS PKGs via MDM

Apple is slowly nudging macOS management practices towards those of iOS MDM management. It seems that MDM is the future for macOS which is a good thing for those from a traditional iOS MDM background.

iOS devices automatically reset by themselves

Mahesh's picture
Your rating: None (3 votes)

We have a customer who is reporting that several iOS devices are resetting to factory default, automatically by themselves. We are unable to figure out a specific pattern. The devices are enrolled in MDM, but there are no wipe commands from MDM. Also the devices are using Gsuite exchange Google Sync mail.
Have any one else experienced similar problems? Are there any conflicting policies from Google Sync that could remote erase the device?

Deano's Confused!

dean.witherden's picture
Your rating: None (2 votes)

Hi All,

Looks like I've finally found an forum that talks about the important stuff in iOS land instead of the new Jet Black iPhone 7 and how it will get tiny scratches on it if you don't put it in a case!

I'm embarking on a journey to tidy up the use of iOS devices in our company and it's bloody confusing! MDM, Apple Configurator, VPP..... I need help!

If someone could point me in the direction of some threads that will help address the following challenges it would be much appreciated.

Company issued iOS devices and Apple Id's - our admin girls have looked after issuing these up until now and I've just ignored it but from what I've found i should be able to use VPP or Apple Configurator 2 to use a company Apple Id to keep control of the device? And I'm fairly certain I don't want to go down the path of DEP.

App deployment - We're about to subscribe to Azure AD Premium which includes M$ InTune, and while it looks great it seems to rely on having the install package for each app rather than linking with the App Store. Is it possible to get the packages? And what if the package you have isn't compatible with all used versions of iOS?

Version Locking - Is it possible to lock devices to a version of iOS to avoid compatibilty issue?

In general, I'm starting from scratch (Except for InTune) and any assistance would be appreciated!

Thank in advance.

AppleID - i`m still not get it

TrK's picture
Your rating: None (2 votes)

Hello folks.
First of all - i`m can`t believe that every iOS user need AppleID in corporate environment. Why? I tell you.
My problem is:
I have 20-30 iPads (iOS 9 and 10) and i need support them remotely (we have branches in 20 cities).

If i just give those devices to user and he (or she) will use personal AppleID, then when user will leave company we can face a problem with Activation Lock.

If i use corporate AppleID, then i need to tell password to user, because when iOS update or just reboot, AppStore will ask for that. And we still can face the Activation Lock (in sabotage scenario from fired user) or some .. ransom-fraud?.. if stupid user let for someone to know password.

I just need sometimes push our apps (from public AppStore) to this devices and see its location.
Ok, i have one OS X and i can setup a simple MDM with Profile Manager. Is it absolutely necessary to use AppleID on those iPads?
Can you to advice me something?

IOS10 Wifi profile issues

hazy2k16's picture
Your rating: None (2 votes)

has anyone come across wifi issues with managed devices?

Some of our users have recently updated ipads to IOS10 and from then on cant connect to wifi even though they still have the wifi profiles installed which are pushed out from MDM.

VPP redemption code migrated apps not available in getVppAsset

Mahesh's picture
Your rating: None (2 votes)

Problem 1
Apps are migrated from VPP redemption to managed distribution.The getVPPAssetsSrv does not give the adam Id for these apps. These apps are paid apps which were originally purchased around 2012 and migrated in Jan 2016. Few other apps which were purchased around 2012 and migrated in Jan 2016 work fine.
Problem 2
Could not get app details for few apps in getVPPAssetsSrvUrl. Tried getting app details via
and through contentMetadataLookupUrl.
Anyone have any ideas?

Plan for Data Usage Tracking

Mahesh's picture
Your rating: None (3 votes)

What is the plan for supporting data usage fetching - device-wise or app-wise - for MDM providers? Any ideas? When can we expect this in the MDM Protocol?

Adding Existing iOS and macOS Devices to your DEP Account

taylor's picture
Your rating: None (7 votes)

We regularly receive questions from our customers asking if it's possible to add the Apple devices they already own to their DEP account. We had a chance to speak with Apple Business Services recently to understand the specific situations where this is possible and want to share it with anyone who it might be of use to:


Using Mobile Safari "device identity certificates"

jpref's picture
Your rating: None (2 votes)

We have deployed a certificate to devices that is generated on the Microsoft CA through a SCEP request. When browsing on safari on an ios device, no prompt when using MFA request through ADFS is done. Is there any way to have the browser call to the device identity certificate store where these are sitting. Thanks.

How Single App Lock and Autonomous App Mode Work

taylor's picture
Your rating: None (6 votes)

We've received a number of questions about what Single App Lock is and what features it comes along with. We put together an informative guide to answer these questions. I appreciate your feedback on it!

Iphone Configuration utility for Windows?

neeraj79's picture
Your rating: None (7 votes)

I am looking to deploy wifi connection profiles to iOS 9 users in my company. It looks like there was a utility called IPHONE CONFIGURATION UTILITY available for earlier IOS versions but it's not available anymore. Can someone pls advise what tool can i use on a windows platform (preferred) to create such wireless connection profiles for mass deployment ?

Thanks in advance

New MDM Features in iOS 9.3

taylor's picture
Your rating: None (10 votes)

There's been a lot of press on the new features coming out for iOS 9.3, but most of this hasn't covered the more subtle, MDM functionality enhancements. Namely:

  • Ability to enable/disable apps from running
  • Ability to reconfigure icon layout on the Home Screen
  • Control over notification settings
  • Additional restriction options
  • Safari auto-fill domain control

We go into more depth in the following article:

Feel free to respond, I'll answer any questions the best that I can Laughing out loud

MDM APNS push notification problem.

Shivam's picture
Your rating: None (2 votes)

We are trying to enroll iPhone devices with our 3rd party server,I downloaded the APNS certificate in the PEM format form the portal and installed it in the keychain access. I selected the APNS certificate (APSP:an23.....) and the private key that is associated with the MDM vendor certificate(Am i doing any mistake here???) and exported those into .p12 file. Using this .p12 file i am sending the wakeupcall to the iOS devices by sending push notification using python-apns library. I am getting feedback that the message is been delivered but the iOS device is not hitting back to the Checkin-url with the Idle status.Help is appreciated.

OS X Server Profile Manager as lightweight MDM?

wchestnutt's picture
Your rating: None (2 votes)


I am looking into some cost effective ways of providing MDM functionality over the air (Profile push, lock, wipe etc) and wondered if OS X Server Profile manager would work as apparently it can provide some sort of OTA management? Has anyone had any hands on experience with this as an MDM software, and are there any real gotchas?

Previously I have used configurator to supervise device with base restrictions, and then used MDM software to manage fleets, so have plenty of experience with that.

The cost and support for a full MDM platform would be tough to justify at this point in time, but it would be good to get a level of management on the fleet of roughly 100 users. They are mostly office based with a handful of remote workers, which is why the OTA piece is important.


Recent Activity