Open6
iOS 18.4 の 宣言型デバイス管理 でManaged App Configurationも使えるようになってそう
Yusuke Iwaki
app.managed のConfigurationに、 AppConfig ExtensionConfigs LegacyAppConfigAssetReference が追加されている。
AppConfigについては、どうもそれっぽいドキュメントもある。
Yusuke Iwaki過去に、「Managed App Configurationが宣言型デバイス管理で使えないと、既存ユーザの移行ができないじゃん?」とフォーラムで質問というか要望というかを投げてたことがあって
MDMv1 app config is not compatible with DDM managed apps. We recognize this is an important feature in MDMv1 app management, and obviously intend to provide an equivalent solution for DDM at some point.
If there are specific use cases that you feel are unique to your situation, or you have suggestions on how the MDMv1 app config mechanism could be improved via DDM, please file a feedback request.
従来のコマンドベースのMDM(これは "MDMv1" と呼ばれているらしい)と宣言型のデバイス管理では互換性がなくて新たな仕組みを検討するっぽいことが書いてあって、今回のiOS 18.4でそれが実現されたと言える。
ただ、どうも系統が2個ありそう。
- リファレンスにも記載のある新しいアプリ管理設定っぽい仕組み (AppConfig, ExtensionConfigs) https://developer.apple.com/documentation/managedapp/
- リファレンスには記載がないが、従来のユーザがそのまま宣言型に移行できる、レガシーアプリ管理設定 (LegacyAppConfigAssetReference)
AppConfigはパスワードをうまく秘匿する仕組みなども備わっているが、アプリ側の対応が必要なので、2年がかりくらいで移行が進むんだろう。
いっぽうで、現時点においては LegacyAppConfigAssetReference が対応済みアプリをそのまま使えるオプションとして有望そうではある。
Yusuke Iwakiためしてみる
すごくタイムリーにまとめページを作ってくれてる人が。神。
まずはGoogle Chromeで試してみよう。
https://www.chromium.org/administrators/ios-mdm-policy-format/
This example contains an EncodedChromePolicy value that contains the same Plist as above, after being encoded in Base64:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC '-//Apple//DTD PLIST 1.0//EN' 'http://www.apple.com/DTDs/PropertyList-1.0.dtd'>
<plist version="1.0">
<dict>
<key>EncodedChromePolicy</key>
<string>PD94bWwgdmVyc2lvbj0iMS4wIiA/PjwhRE9DVFlQRSBwbGlzdCAgUFVCTElDICctLy9BcHBsZS8vRFREIFBMSVNUIDEuMC8vRU4nICAnaHR0cDovL3d3dy5hcHBsZS5jb20vRFREcy9Qcm9wZXJ0eUxpc3QtMS4wLmR0ZCc+PHBsaXN0IHZlcnNpb249IjEuMCI+PGRpY3Q+PGtleT5BdXRvRmlsbEVuYWJsZWQ8L2tleT48ZmFsc2UvPjxrZXk+Q29va2llc0FsbG93ZWRGb3JVcmxzPC9rZXk+PGFycmF5PjxzdHJpbmc+aHR0cDovL3d3dy5leGFtcGxlLmNvbTwvc3RyaW5nPjxzdHJpbmc+WyouXWV4YW1wbGUuZWR1PC9zdHJpbmc+PC9hcnJheT48a2V5PkNvb2tpZXNCbG9ja2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Db29raWVzU2Vzc2lvbk9ubHlGb3JVcmxzPC9rZXk+PGFycmF5PjxzdHJpbmc+aHR0cDovL3d3dy5leGFtcGxlLmNvbTwvc3RyaW5nPjxzdHJpbmc+WyouXWV4YW1wbGUuZWR1PC9zdHJpbmc+PC9hcnJheT48a2V5PkRlZmF1bHRDb29raWVzU2V0dGluZzwva2V5PjxpbnRlZ2VyPjE8L2ludGVnZXI+PGtleT5EZWZhdWx0UG9wdXBzU2V0dGluZzwva2V5PjxpbnRlZ2VyPjE8L2ludGVnZXI+PGtleT5EZWZhdWx0U2VhcmNoUHJvdmlkZXJFbmFibGVkPC9rZXk+PHRydWUvPjxrZXk+RGVmYXVsdFNlYXJjaFByb3ZpZGVyS2V5d29yZDwva2V5PjxzdHJpbmc+bWlzPC9zdHJpbmc+PGtleT5EZWZhdWx0U2VhcmNoUHJvdmlkZXJOYW1lPC9rZXk+PHN0cmluZz5NeSBJbnRyYW5ldCBTZWFyY2g8L3N0cmluZz48a2V5PkRlZmF1bHRTZWFyY2hQcm92aWRlclNlYXJjaFVSTDwva2V5PjxzdHJpbmc+aHR0cDovL3NlYXJjaC5teS5jb21wYW55L3NlYXJjaD9xPXtzZWFyY2hUZXJtc308L3N0cmluZz48a2V5Pk1hbmFnZWRCb29rbWFya3M8L2tleT48YXJyYXk+PGRpY3Q+PGtleT5uYW1lPC9rZXk+PHN0cmluZz5Hb29nbGU8L3N0cmluZz48a2V5PnVybDwva2V5PjxzdHJpbmc+Z29vZ2xlLmNvbTwvc3RyaW5nPjwvZGljdD48ZGljdD48a2V5Pm5hbWU8L2tleT48c3RyaW5nPllvdXR1YmU8L3N0cmluZz48a2V5PnVybDwva2V5PjxzdHJpbmc+eW91dHViZS5jb208L3N0cmluZz48L2RpY3Q+PC9hcnJheT48a2V5PlBhc3N3b3JkTWFuYWdlckVuYWJsZWQ8L2tleT48dHJ1ZS8+PGtleT5Qb3B1cHNBbGxvd2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Qb3B1cHNCbG9ja2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Qcm94eUJ5cGFzc0xpc3Q8L2tleT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZTEuY29tLGh0dHA6Ly93d3cuZXhhbXBsZTIuY29tLGh0dHA6Ly9pbnRlcm5hbHNpdGUvPC9zdHJpbmc+PGtleT5Qcm94eU1vZGU8L2tleT48c3RyaW5nPmRpcmVjdDwvc3RyaW5nPjxrZXk+UHJveHlQYWNVcmw8L2tleT48c3RyaW5nPmh0dHA6Ly9pbnRlcm5hbC5zaXRlL2V4YW1wbGUucGFjPC9zdHJpbmc+PGtleT5Qcm94eVNlcnZlcjwva2V5PjxzdHJpbmc+MTIzLjEyMy4xMjMuMTIzOjgwODA8L3N0cmluZz48a2V5PlNlYXJjaFN1Z2dlc3RFbmFibGVkPC9rZXk+PHRydWUvPjxrZXk+VHJhbnNsYXRlRW5hYmxlZDwva2V5Pjx0cnVlLz48a2V5PlVSTEJsYWNrbGlzdDwva2V5PjxhcnJheT48c3RyaW5nPmV4YW1wbGUuY29tPC9zdHJpbmc+PHN0cmluZz5odHRwczovL3NzbC5zZXJ2ZXIuY29tPC9zdHJpbmc+PHN0cmluZz5ob3N0aW5nLmNvbS9iYWRfcGF0aDwvc3RyaW5nPjxzdHJpbmc+aHR0cDovL3NlcnZlcjo4MDgwL3BhdGg8L3N0cmluZz48c3RyaW5nPi5leGFjdC5ob3N0bmFtZS5jb208L3N0cmluZz48L2FycmF5PjxrZXk+VVJMV2hpdGVsaXN0PC9rZXk+PGFycmF5PjxzdHJpbmc+ZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPmh0dHBzOi8vc3NsLnNlcnZlci5jb208L3N0cmluZz48c3RyaW5nPmhvc3RpbmcuY29tL2JhZF9wYXRoPC9zdHJpbmc+PHN0cmluZz5odHRwOi8vc2VydmVyOjgwODAvcGF0aDwvc3RyaW5nPjxzdHJpbmc+LmV4YWN0Lmhvc3RuYW1lLmNvbTwvc3RyaW5nPjwvYXJyYXk+PC9kaWN0PjwvcGxpc3Q+</string>
</dict>
</plist>
実際のテストMDMサーバーで試す
Asset
app.managed のConfigurationの LegacyAppConfigAssetReference に指定するのは
title: App Config MDMv1 Asset Reference
content: Specifies the identifier of an asset declaration containing a reference
to the app config data. This app config data is applied and made available to
the app using the traditional MDMv1 behavior. The corresponding asset must be
of type "com.apple.asset.data". The referenced data must be a property list file,
and the asset's "ContentType" value should be set to match the data type.
assettypes:
- com.apple.asset.data
asset-content-types:- application/plist
- application/x-plist
- application/xml
- text/xml
このような記載があるので、type: com.apple.asset.dataのAssetを Content-Typeが application/plist になるように作る。
{
"Identifier": "ac35558f-aefc-5faf-8f64-1faaff993b96",
"Type": "com.apple.asset.data",
"Payload": {
"Reference": {
"DataURL": "https://i3-oreore-ios-mdm.azurewebsites.net/asset_files/eyJpZCI6IjA3OTQxMWUyYTg4NTAwOGYzYmUyZGUyNGZlZjhhMjZkLnBsaXN0Iiwic3RvcmFnZSI6InN0b3JlIiwibWV0YWRhdGEiOnsiZmlsZW5hbWUiOiJDaHJvbWUucGxpc3QiLCJzaXplIjozMjI1LCJtaW1lX3R5cGUiOiJhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0ifX0",
"ContentType": "application/plist"
}
},
"ServerToken": "43c4d5fde49305687fa422f1b818935e0a711221faf7093787de96d75a029df4"
}
DataURLには、Google Chromeのドキュメントにあったplistをそのまま返すURLを指定している。
ポイントは、以下のように Content-Type: application/plist が返されるようにしている。Content-Disposition(ファイルダウンロードさせるためのアレ)があるとエラーになってしまうっぽかったので。
http https://i3-oreore-ios-mdm.azurewebsites.net/asset_files/eyJpZCI6IjA3OTQxMWUyYTg4NTAwOGYzYmUyZGUyNGZlZjhhMjZkLnBsaXN0Iiwic3RvcmFnZSI6InN0b3JlIiwibWV0YWRhdGEiOnsiZmlsZW5hbWUiOiJDaHJvbWUucGxpc3QiLCJzaXplIjozMjI1LCJtaW1lX3R5cGUiOiJhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0ifX0
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Length: 3225
Content-Type: application/plist
Date: Sat, 29 Mar 2025 17:12:55 GMT
X-Content-Type-Options: nosniff
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC '-//Apple//DTD PLIST 1.0//EN' 'http://www.apple.com/DTDs/PropertyList-1.0.dtd'>
<plist version="1.0">
<dict>
<key>EncodedChromePolicy</key>
<string>PD94bWwgdmVyc2lvbj0iMS4wIiA/PjwhRE9DVFlQRSBwbGlzdCAgUFVCTElDICctLy9BcHBsZS8vRFREIFBMSVNUIDEuMC8vRU4nICAnaHR0cDovL3d3dy5hcHBsZS5jb20vRFREcy9Qcm9wZXJ0eUxpc3QtMS4wLmR0ZCc+PHBsaXN0IHZlcnNpb249IjEuMCI+PGRpY3Q+PGtleT5BdXRvRmlsbEVuYWJsZWQ8L2tleT48ZmFsc2UvPjxrZXk+Q29va2llc0FsbG93ZWRGb3JVcmxzPC9rZXk+PGFycmF5PjxzdHJpbmc+aHR0cDovL3d3dy5leGFtcGxlLmNvbTwvc3RyaW5nPjxzdHJpbmc+WyouXWV4YW1wbGUuZWR1PC9zdHJpbmc+PC9hcnJheT48a2V5PkNvb2tpZXNCbG9ja2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Db29raWVzU2Vzc2lvbk9ubHlGb3JVcmxzPC9rZXk+PGFycmF5PjxzdHJpbmc+aHR0cDovL3d3dy5leGFtcGxlLmNvbTwvc3RyaW5nPjxzdHJpbmc+WyouXWV4YW1wbGUuZWR1PC9zdHJpbmc+PC9hcnJheT48a2V5PkRlZmF1bHRDb29raWVzU2V0dGluZzwva2V5PjxpbnRlZ2VyPjE8L2ludGVnZXI+PGtleT5EZWZhdWx0UG9wdXBzU2V0dGluZzwva2V5PjxpbnRlZ2VyPjE8L2ludGVnZXI+PGtleT5EZWZhdWx0U2VhcmNoUHJvdmlkZXJFbmFibGVkPC9rZXk+PHRydWUvPjxrZXk+RGVmYXVsdFNlYXJjaFByb3ZpZGVyS2V5d29yZDwva2V5PjxzdHJpbmc+bWlzPC9zdHJpbmc+PGtleT5EZWZhdWx0U2VhcmNoUHJvdmlkZXJOYW1lPC9rZXk+PHN0cmluZz5NeSBJbnRyYW5ldCBTZWFyY2g8L3N0cmluZz48a2V5PkRlZmF1bHRTZWFyY2hQcm92aWRlclNlYXJjaFVSTDwva2V5PjxzdHJpbmc+aHR0cDovL3NlYXJjaC5teS5jb21wYW55L3NlYXJjaD9xPXtzZWFyY2hUZXJtc308L3N0cmluZz48a2V5Pk1hbmFnZWRCb29rbWFya3M8L2tleT48YXJyYXk+PGRpY3Q+PGtleT5uYW1lPC9rZXk+PHN0cmluZz5Hb29nbGU8L3N0cmluZz48a2V5PnVybDwva2V5PjxzdHJpbmc+Z29vZ2xlLmNvbTwvc3RyaW5nPjwvZGljdD48ZGljdD48a2V5Pm5hbWU8L2tleT48c3RyaW5nPllvdXR1YmU8L3N0cmluZz48a2V5PnVybDwva2V5PjxzdHJpbmc+eW91dHViZS5jb208L3N0cmluZz48L2RpY3Q+PC9hcnJheT48a2V5PlBhc3N3b3JkTWFuYWdlckVuYWJsZWQ8L2tleT48dHJ1ZS8+PGtleT5Qb3B1cHNBbGxvd2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Qb3B1cHNCbG9ja2VkRm9yVXJsczwva2V5PjxhcnJheT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPlsqLl1leGFtcGxlLmVkdTwvc3RyaW5nPjwvYXJyYXk+PGtleT5Qcm94eUJ5cGFzc0xpc3Q8L2tleT48c3RyaW5nPmh0dHA6Ly93d3cuZXhhbXBsZTEuY29tLGh0dHA6Ly93d3cuZXhhbXBsZTIuY29tLGh0dHA6Ly9pbnRlcm5hbHNpdGUvPC9zdHJpbmc+PGtleT5Qcm94eU1vZGU8L2tleT48c3RyaW5nPmRpcmVjdDwvc3RyaW5nPjxrZXk+UHJveHlQYWNVcmw8L2tleT48c3RyaW5nPmh0dHA6Ly9pbnRlcm5hbC5zaXRlL2V4YW1wbGUucGFjPC9zdHJpbmc+PGtleT5Qcm94eVNlcnZlcjwva2V5PjxzdHJpbmc+MTIzLjEyMy4xMjMuMTIzOjgwODA8L3N0cmluZz48a2V5PlNlYXJjaFN1Z2dlc3RFbmFibGVkPC9rZXk+PHRydWUvPjxrZXk+VHJhbnNsYXRlRW5hYmxlZDwva2V5Pjx0cnVlLz48a2V5PlVSTEJsYWNrbGlzdDwva2V5PjxhcnJheT48c3RyaW5nPmV4YW1wbGUuY29tPC9zdHJpbmc+PHN0cmluZz5odHRwczovL3NzbC5zZXJ2ZXIuY29tPC9zdHJpbmc+PHN0cmluZz5ob3N0aW5nLmNvbS9iYWRfcGF0aDwvc3RyaW5nPjxzdHJpbmc+aHR0cDovL3NlcnZlcjo4MDgwL3BhdGg8L3N0cmluZz48c3RyaW5nPi5leGFjdC5ob3N0bmFtZS5jb208L3N0cmluZz48L2FycmF5PjxrZXk+VVJMV2hpdGVsaXN0PC9rZXk+PGFycmF5PjxzdHJpbmc+ZXhhbXBsZS5jb208L3N0cmluZz48c3RyaW5nPmh0dHBzOi8vc3NsLnNlcnZlci5jb208L3N0cmluZz48c3RyaW5nPmhvc3RpbmcuY29tL2JhZF9wYXRoPC9zdHJpbmc+PHN0cmluZz5odHRwOi8vc2VydmVyOjgwODAvcGF0aDwvc3RyaW5nPjxzdHJpbmc+LmV4YWN0Lmhvc3RuYW1lLmNvbTwvc3RyaW5nPjwvYXJyYXk+PC9kaWN0PjwvcGxpc3Q+</string>
</dict>
</plist>
Configuration
これは今まで通りで、 LegacyAppConfigAssetReference を指定するようにしただけ。
{
"Identifier": "8c2af0b6-5ae0-5927-a1cd-bab5e4148bb8",
"Type": "com.apple.configuration.app.managed",
"Payload": {
"InstallBehavior": {
"Install": "Required",
"License": {
"Assignment": "Device"
}
},
"BundleID": "com.google.chrome.ios",
"LegacyAppConfigAssetReference": "ac35558f-aefc-5faf-8f64-1faaff993b96"
},
"ServerToken": "f5a6484e60952873eb62365170888a5151e2ae2dbe1e98eb3bd8b57bbb9156ce"
}
いざ適用(iOS 18.3)
手元にあったのが18.4 betaではなく18.3だったので、古いOSバージョンに適用するとどうなるかをまず見ておく。
結論から言うとエラーになるのだが、エラーが割とわかりにくくて、「Assetがどこでも使われていないよ?」というものだ。Configurationにある LegacyAppConfigAssetReference はiOS 18.3ではスルーされるので、Assetがそこで使われていると認識されないためのようだ。
"configurations": [
...
{
"active": true,
"identifier": "8c2af0b6-5ae0-5927-a1cd-bab5e4148bb8",
"valid": "valid",
"server-token": "f5a6484e60952873eb62365170888a5151e2ae2dbe1e98eb3bd8b57bbb9156ce"
},
...
"assets": [
{
"reasons": [
{
"details": {
"Identifier": "ac35558f-aefc-5faf-8f64-1faaff993b96",
"ServerToken": "43c4d5fde49305687fa422f1b818935e0a711221faf7093787de96d75a029df4"
},
"description": "Asset “ac35558f-aefc-5faf-8f64-1faaff993b96:43c4d5fde49305687fa422f1b818935e0a711221faf7093787de96d75a029df4” is not referenced by a configuration.",
"code": "Info.NotReferencedByConfiguration"
}
],
"active": false,
"identifier": "ac35558f-aefc-5faf-8f64-1faaff993b96",
"valid": "unknown",
"server-token": "43c4d5fde49305687fa422f1b818935e0a711221faf7093787de96d75a029df4"
}
],
いざ適用(18.3 -> 18.4)
{
"Identifier": "21d7969f-6ae5-52c8-b0d1-c767702a2542",
"Type": "com.apple.configuration.softwareupdate.enforcement.specific",
"Payload": {
"TargetOSVersion": "18.4",
"TargetBuildVersion": "22E240",
"TargetLocalDateTime": "2025-03-29T10:50:00"
},
"ServerToken": "ae5c4729153b53f02484ab0c54d7d88b37bff7e24a881a640fe0232d4ff14a8c"
}
強制アップデートをかけて、
{
"StatusItems": {
"device": {
"operating-system": {
"marketing-name": "iPadOS 18.4",
"build-version": "22E240",
"supplemental": {
"build-version": "22E240"
},
"version": "18.4"
}
},
"softwareupdate": {
"install-reason": {
"reason": [
"declaration"
]
},
"install-state": "prepared"
}
},
"Errors": [
]
}
OSが18.4になると、assetがvalidかというとそうでもなく sysdiagnoseの logs/rmd/rmd_inspect_system.txt を見てみても以下のようにConfigurationのリロードがされておらず、アプリ管理設定が追加でロードされたりはしない。
configurations = (
{
active = 1;
assetReferences = (
);
declarationType = "com.apple.configuration.app.managed";
identifier = "8c2af0b6-5ae0-5927-a1cd-bab5e4148bb8";
loadState = loaded;
serverToken = f5a6484e60952873eb62365170888a5151e2ae2dbe1e98eb3bd8b57bbb9156ce;
ui = visible;
},
assets = (
{
active = 0;
identifier = "ac35558f-aefc-5faf-8f64-1faaff993b96";
reasons = (
{
code = "Info.NotReferencedByConfiguration";
}
);
"server-token" = 43c4d5fde49305687fa422f1b818935e0a711221faf7093787de96d75a029df4;
valid = unknown;
}
);
ConfigurationのServerTokenを変えて、Configurationの再ロードをさせる。
{
"Identifier": "8c2af0b6-5ae0-5927-a1cd-bab5e4148bb8",
"Type": "com.apple.configuration.app.managed",
"Payload": {
"InstallBehavior": {
"Install": "Required",
"License": {
"Assignment": "Device"
}
},
"BundleID": "com.google.chrome.ios",
"LegacyAppConfigAssetReference": "ac35558f-aefc-5faf-8f64-1faaff993b96"
},
"ServerToken": "7f5d8f8733db64eaea4133888bade49f293f3d617b8fed96784e35dfd88d2534"
}
するとステータスチャネルで上がってくるassetsのエラーは消えた。
"assets": [
{
"active": true,
"identifier": "ac35558f-aefc-5faf-8f64-1faaff993b96",
"valid": "valid",
"server-token": "43c4d5fde49305687fa422f1b818935e0a711221faf7093787de96d75a029df4"
}
],
ただ、この時点ではChromeに管理設定が適用されている感じはない。
sysdiagnoseを見ると
{
active = 1;
assetReferences = (
"ac35558f-aefc-5faf-8f64-1faaff993b96"
);
declarationType = "com.apple.configuration.app.managed";
identifier = "8c2af0b6-5ae0-5927-a1cd-bab5e4148bb8";
loadState = loaded;
serverToken = 7f5d8f8733db64eaea4133888bade49f293f3d617b8fed96784e35dfd88d2534;
ui = visible;
},
assets = (
{
active = 1;
identifier = "ac35558f-aefc-5faf-8f64-1faaff993b96";
"server-token" = 43c4d5fde49305687fa422f1b818935e0a711221faf7093787de96d75a029df4;
valid = valid;
}
);
適用されてそうに見えるが...
Yusuke Iwaki
Also, please try the following: send the app.managed configuration a second time but with the ServerToken changed so that it does an in-place update.
ということなので、ふたたび ConfigurationのServerTokenを変えてみる。
{
"Identifier": "8c2af0b6-5ae0-5927-a1cd-bab5e4148bb8",
"Type": "com.apple.configuration.app.managed",
"Payload": {
"InstallBehavior": {
"Install": "Required",
"License": {
"Assignment": "Device"
}
},
"BundleID": "com.google.chrome.ios",
"LegacyAppConfigAssetReference": "ac35558f-aefc-5faf-8f64-1faaff993b96"
},
"ServerToken": "e34665cd70a0e8b9dfab6706fa5024173852f398fe9c5901d5b3fb139b61d021"
}
しかし変わらない...
Chromeアプリ側の仕様かもしれないのでsysdiagnoseを見てみる。
default 2025-03-30 02:40:50.655648 +0900 managedappdistributiond [DDMB0A9BAF5] Returning current status for 'com.apple.RemoteManagement.ManagedAppsExtension/E98E0596-C668-450A-94C0-05978C78016E:OGMyYWYwYjYtNWFlMC01OTI3LWExY2QtYmFiNWU0MTQ4YmI4.N2Y1ZDhmODczM2RiNjRlYWVhNDEzMzg4OGJhZGU0OWYyOTNmM2Q2MTdiOGZlZDk2Nzg0ZTM1ZGZkODhkMjUzNA==$YWMzNTU1OGYtYWVmYy01ZmFmLThmNjQtMWZhYWZmOTkzYjk2.NDNjNGQ1ZmRlNDkzMDU2ODdmYTQyMmYxYjgxODkzNWUwYTcxMTIyMWZhZjcwOTM3ODdkZTk2ZDc1YTAyOWRmNA==': 8c2af0b6-5ae0-5927-a1cd-bab5e4148bb8 { bundleID = com.google.chrome.ios, state = State(rawValue: 7), reasons = [] }
どうやらOSアプデしたあとにconfigurationを再ロードしたタイミングで、管理設定は読まれてそうだ。Chrome側の問題...?
Yusuke Iwaki
これでやってみる。
{
"Identifier": "4170b4cb-a68f-5d4a-aa8e-5e558b5ba127",
"Type": "com.apple.configuration.app.managed",
"Payload": {
"InstallBehavior": {
"Install": "Required",
"License": {
"Assignment": "Device"
}
},
"AppStoreID": "1569777095",
"LegacyAppConfigAssetReference": "d655bd08-8a23-5b4f-9dcf-a0e8aad91842"
},
"ServerToken": "d866d1fce6ef2ae77320942d831ebcca63eecf3357e39e9391f23e253e187679"
}
{
"Identifier": "d655bd08-8a23-5b4f-9dcf-a0e8aad91842",
"Type": "com.apple.asset.data",
"Payload": {
"Reference": {
"DataURL": "https://i3-oreore-ios-mdm.azurewebsites.net/asset_files/eyJpZCI6IjI0NTM1MGI4NzAyNjlmYzcxYmI2YjgxYzQ4ZjlkZTQ5LnBsaXN0Iiwic3RvcmFnZSI6InN0b3JlIiwibWV0YWRhdGEiOnsiZmlsZW5hbWUiOiJzY3J1Yi5wbGlzdCIsInNpemUiOjMxOCwibWltZV90eXBlIjoiYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtIn19",
"ContentType": "application/plist"
}
},
"ServerToken": "91b33114d0d0a7096854d00457a619a54b74d6d23fbc3ef60871f1435ca93cf4"
}
http https://i3-oreore-ios-mdm.azurewebsites.net/asset_files/eyJpZCI6IjI0NTM1MGI4NzAyNjlmYzcxYmI2YjgxYzQ4ZjlkZTQ5LnBsaXN0Iiwic3RvcmFnZSI6InN0b3JlIiwibWV0YWRhdGEiOnsiZmlsZW5hbWUiOiJzY3J1Yi5wbGlzdCIsInNpemUiOjMxOCwibWltZV90eXBlIjoiYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtIn19
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Length: 318
Content-Type: application/plist
Date: Sat, 29 Mar 2025 18:46:09 GMT
X-Content-Type-Options: nosniff
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC '-//Apple//DTD PLIST 1.0//EN' 'http://www.apple.com/DTDs/PropertyList-1.0.dtd'>
<plist version="1.0">
<dict>
<key>customUrl</key>
<string>https://stretch3.github.io/</string>
<key>home</key>
<string>customUrl</string>
</dict>
</plist>
最初の適用だとやっぱりだめそう。
{
"Identifier": "4170b4cb-a68f-5d4a-aa8e-5e558b5ba127",
"Type": "com.apple.configuration.app.managed",
"Payload": {
"InstallBehavior": {
"Install": "Required",
"License": {
"Assignment": "Device"
}
},
"AppStoreID": "1569777095",
"LegacyAppConfigAssetReference": "d655bd08-8a23-5b4f-9dcf-a0e8aad91842"
},
"ServerToken": "5b75b6478a919e5088aa0d9d5c8b52202efbb3f43cd959180b4e342a883833e5"
}
ServerTokenを変えて再適用させると...
管理設定が適用された!!!
Also, please try the following: send the app.managed configuration a second time but with the ServerToken changed so that it does an in-place update.
この通りのようだ。
そして、いちど適用がされるようになれば、
{
"Identifier": "d655bd08-8a23-5b4f-9dcf-a0e8aad91842",
"Type": "com.apple.asset.data",
"Payload": {
"Reference": {
"DataURL": "https://i3-oreore-ios-mdm.azurewebsites.net/asset_files/eyJpZCI6IjJiMjY4Y2Q3ZGExYjYyYmFkNTJiNTY1ZDE5Y2M2MjBjLnBsaXN0Iiwic3RvcmFnZSI6InN0b3JlIiwibWV0YWRhdGEiOnsiZmlsZW5hbWUiOiJzY3J1Yi5wbGlzdCIsInNpemUiOjMxOSwibWltZV90eXBlIjoiYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtIn19",
"ContentType": "application/plist"
}
},
"ServerToken": "6f500fd9f487e4fd1f4ea05838c15c23b3fd2bb65f37b5c6010708a95dab61c5"
}
このようにassetsを変更するだけでConfigurationを再適用しなくてもアプリに再適用されるようだ。
Yusuke Iwaki
Please re-test with the 18.5 beta release, as the problem should now be fixed.
18.5で修正されたようだ。
実際にやってみると18.5 beta1ではすんなり管理設定が適用された!