It seems like there are some "mixed messages" out there about what should be in OID 1.2.840.113635.100.8.11.1 in the attestation cert. Is it just a SHA256 hash of the nonce issued by the ACME server? The MDM profile yaml says: "In the attestation certificate the value of the freshness code OID matches the nonce specified by the ACME server via the ACME protocol." I'm hoping the difficulty we're seeing is down to the certificate being created once (and not again for 7 days). Otherwise, we're not decoding/understanding the OID's contents properly. Thanks.

I am using system_profiler command to check on the installed application list from mac device. **Terminal command to check installed java version - ** But while running /usr/sbin/system_profiler SPApplicationsDataType -xml , I cant able to find Java as an installed application. Is this a known issue or do we have any alternative workaround to fetch the same?

Hello, We're testing the new allowedExternalIntelligenceWorkspaceIDs key in the MDM Restrictions payload on supervised iPads. According to Apple's documentation, this key expects an "external integration workspace ID", but it's not clear what this specifically refers to. We've tried the following IDs individually (one at a time, as documentation says only one is supported currently): OpenAI Organization ID ChatGPT user email Apple ID used in ChatGPT Google ID used in ChatGPT login The profile installs correctly via MDM and the key is set, but we want to confirm: What exactly is considered a valid "external integration workspace ID" for this key? Is there a way to verify that the restriction is working as intended on the device (e.g. does it limit specific integrations or apps)? Is there an official list of services that currently support this? Any clarification from Apple or other developers with experience on this would be very helpful. Thanks in advance.

We are trying to develop an app that will be responsible for managing 5000+ managed iPads through Intune MDM. The user flow is to have a device locked to a single app when a user is not logged in, but to make the device available to other apps once a user is authenticated. We already tried UIAccessibility GuidedAccess Mode and autonomous single app mode but those were not sufficient due to our need to be able to toggle this from the background. When the device may be asleep. So another way we could achieve this functionality would be to control all app access under a launching mechanism. That way we could allow one app to be visible in our MDM configuration and try to access our business app through that using deep links. If this were to work, we would have to be able to hide an app and still make it launchable from the manager. Any ideas? Thanks