Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91

Rename Apple Business Manager in UI (#42584)

Browse source 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #42512

---------

Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
This commit is contained in:
melpike 2026-04-08 11:14:19 -06:00 committed by GitHub
parent 6a71c18bbe
commit 75982f44de
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
50 changed files with 137 additions and 162 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cmd/fleet/cron.go
View file

@ -1562,7 +1562,7 @@ func trySendStatistics(ctx context.Context, ds fleet.Datastore, frequency time.D
}
// newAppleMDMDEPProfileAssigner creates the schedule to run the DEP syncer+assigner.
// The DEP syncer+assigner fetches devices from Apple Business Manager (aka ABM) and applies
// The DEP syncer+assigner fetches devices from Apple Business (aka AB) and applies
// the current configured DEP profile to them.
func newAppleMDMDEPProfileAssigner(
ctx context.Context,

6
cmd/fleet/serve.go
View file

@ -687,7 +687,7 @@ func runServeCmd(cmd *cobra.Command, configManager configpkg.Manager, debug, dev
return true, nil
}
// reconcile Apple Business Manager configuration environment variables with the database
// reconcile Apple Business configuration environment variables with the database
if config.MDM.IsAppleAPNsSet() || config.MDM.IsAppleSCEPSet() {
if len(config.Server.PrivateKey) == 0 {
initFatal(errors.New("inserting MDM APNs and SCEP assets"),
@ -768,7 +768,7 @@ func runServeCmd(cmd *cobra.Command, configManager configpkg.Manager, debug, dev
}
}
// reconcile Apple Business Manager configuration environment variables with the database
// reconcile Apple Business configuration environment variables with the database
if config.MDM.IsAppleBMSet() {
if len(config.Server.PrivateKey) == 0 {
initFatal(errors.New("inserting MDM ABM assets"),
@ -856,7 +856,7 @@ func runServeCmd(cmd *cobra.Command, configManager configpkg.Manager, debug, dev
logger.InfoContext(cmd.Context(), "Apple MDM enabled")
}
if appCfg.MDM.AppleBMEnabledAndConfigured {
logger.InfoContext(cmd.Context(), "Apple Business Manager enabled")
logger.InfoContext(cmd.Context(), "Apple Business enabled")
}
// register the Microsoft MDM services

2
cmd/fleetctl/fleetctl/apply_test.go
View file

@ -2931,7 +2931,7 @@ spec:
mockStore.Unlock()
})
// // TODO: restore this test when we have a way to mock the Apple Business Manager API in
// // TODO: restore this test when we have a way to mock the Apple Business API in
// // fleetctl tests
// t.Run("enable end user authentication", func(t *testing.T) {
// ds := setupServer(t, true)

4
cmd/fleetctl/fleetctl/generate.go
View file

@ -91,13 +91,13 @@ func generateMDMAppleBMCommand() *cli.Command {
return &cli.Command{
Name: "mdm-apple-bm",
Aliases: []string{"mdm_apple_bm"},
Usage: "Generate Apple Business Manager public key to enable automatic enrollment for macOS hosts.",
Usage: "Generate Apple Business public key to enable automatic enrollment for macOS hosts.",
Flags: []cli.Flag{
contextFlag(),
debugFlag(),
&cli.StringFlag{
Name: "public-key",
Usage: "The output path for the Apple Business Manager public key certificate.",
Usage: "The output path for the Apple Business public key certificate.",
Value: bmPublicKeyCertPath,
},
},

10
cmd/fleetctl/fleetctl/get.go
View file

@ -864,7 +864,7 @@ func getHostsCommand() *cli.Command {
},
&cli.BoolFlag{
Name: "mdm-pending",
Usage: "Filters hosts by hosts ordered via Apple Business Manager (ABM). These will automatically enroll to Fleet and turn on MDM when they're unboxed.",
Usage: "Filters hosts by hosts ordered via Apple Business (AB). These will automatically enroll to Fleet and turn on MDM when they're unboxed.",
},
},
Action: func(c *cli.Context) error {
@ -1455,7 +1455,7 @@ func getMDMAppleBMCommand() *cli.Command {
return &cli.Command{
Name: "mdm-apple-bm",
Aliases: []string{"mdm_apple_bm"},
Usage: "Show information about Apple Business Manager for automatic enrollment",
Usage: "Show information about Apple Business for automatic enrollment",
Flags: []cli.Flag{
configFlag(),
contextFlag(),
@ -1473,7 +1473,7 @@ func getMDMAppleBMCommand() *cli.Command {
if err != nil {
var nfe service.NotFoundErr
if errors.As(err, &nfe) {
log(c, "Error: No Apple Business Manager server token found. Use `fleetctl generate mdm-apple-bm` and then `fleet serve` with `mdm` configuration to automatically enroll macOS hosts to Fleet.\n")
log(c, "Error: No Apple Business server token found. Use `fleetctl generate mdm-apple-bm` and then `fleet serve` with `mdm` configuration to automatically enroll macOS hosts to Fleet.\n")
return nil
}
return fmt.Errorf("could not get Apple BM information: %w", err)
@ -1494,10 +1494,10 @@ func getMDMAppleBMCommand() *cli.Command {
warnDate := time.Now().Add(expirationWarning)
if bm.RenewDate.Before(time.Now()) {
// certificate is expired, print an error
color.New(color.FgRed).Fprintln(c.App.Writer, "\nERROR: Your Apple Business Manager (ABM) server token is expired. Laptops newly purchased via ABM will not automatically enroll in Fleet. To renew your ABM server token, follow these instructions: https://fleetdm.com/docs/using-fleet/faq#how-can-i-renew-my-apple-business-manager-server-token")
color.New(color.FgRed).Fprintln(c.App.Writer, "\nERROR: Your Apple Business (AB) server token is expired. Laptops newly purchased via ABM will not automatically enroll in Fleet. To renew your ABM server token, follow these instructions: https://fleetdm.com/docs/using-fleet/faq#how-can-i-renew-my-apple-business-manager-server-token")
} else if bm.RenewDate.Before(warnDate) {
// certificate will soon expire, print a warning
color.New(color.FgYellow).Fprintln(c.App.Writer, "\nWARNING: Your Apple Business Manager (ABM) server token is less than 30 days from expiration. If it expires, laptops newly purchased via ABM will not automatically enroll in Fleet. To renew your ABM server token, follow these instructions: https://fleetdm.com/docs/using-fleet/faq#how-can-i-renew-my-apple-business-manager-server-token")
color.New(color.FgYellow).Fprintln(c.App.Writer, "\nWARNING: Your Apple Business (AB) server token is less than 30 days from expiration. If it expires, laptops newly purchased via ABM will not automatically enroll in Fleet. To renew your ABM server token, follow these instructions: https://fleetdm.com/docs/using-fleet/faq#how-can-i-renew-my-apple-business-manager-server-token")
}
return nil

2
cmd/fleetctl/fleetctl/get_test.go
View file

@ -2375,7 +2375,7 @@ func TestGetAppleBM(t *testing.T) {
}
out := RunAppForTest(t, []string{"get", "mdm_apple_bm"})
assert.Contains(t, out, "No Apple Business Manager server token found.")
assert.Contains(t, out, "No Apple Business server token found.")
})
t.Run("premium license, multiple tokens", func(t *testing.T) {

8
cmd/fleetctl/fleetctl/templates/new/default.template.yml
View file

@ -61,15 +61,15 @@ org_settings:
###########################################################
# Uncomment when you are ready to start using zero-touch enrollment
# for Apple devices via Apple Business Manager (ABM).
# for Apple devices via Apple Business (AB).
#
# Read more:
# • https://fleetdm.com/docs/configuration/yaml-files#apple-business-manager
# • https://fleetdm.com/guides/apple-mdm-setup#apple-business-manager-abm
###########################################################
# apple_business_manager:
# - organization_name: "My Company, Inc." # This must exactly match the organization name in Apple Business Manager (ABM).
# macos_fleet: "💻 Workstations" # Where new macOS devices from ABM will appear
# - organization_name: "My Company, Inc." # This must exactly match the organization name in Apple Business (AB).
# macos_fleet: "💻 Workstations" # Where new macOS devices from AB will appear
###########################################################
# Uncomment to start using Apple's volume purchase program (VPP)
@ -81,7 +81,7 @@ org_settings:
# • https://fleetdm.com/guides/apple-mdm-setup#volume-purchasing-program-vpp
###########################################################
# volume_purchasing_program:
# - location: "My location." # This must exactly match a "Location" name in Apple Business Manager (ABM).
# - location: "My location." # This must exactly match a "Location" name in Apple Business (AB).
# fleets:
# - "💻 Workstations"
# - "📱🔐 Personal mobile devices"

2
ee/server/service/mdm.go
View file

@ -1642,7 +1642,7 @@ func (svc *Service) decryptUploadedABMToken(ctx context.Context, token io.Reader
decryptedToken, err = assets.DecryptRawABMToken(encryptedToken, cert, pair[fleet.MDMAssetABMKey].Value)
if err != nil {
return nil, nil, ctxerr.Wrap(ctx, &fleet.BadRequestError{
Message: "Invalid token. Please provide a valid token from Apple Business Manager.",
Message: "Invalid token. Please provide a valid token from Apple Business.",
InternalErr: err,
}, "validating ABM token")
}

4
ee/server/service/software_installers.go
View file

@ -1466,7 +1466,7 @@ func (svc *Service) InstallVPPAppPostValidation(ctx context.Context, host *fleet
"host_serial", host.HardwareSerial,
)
return "", &fleet.BadRequestError{
Message: "Couldn't add software. <app_store_id> isn't available in Apple Business Manager. Please purchase license in Apple Business Manager and try again.",
Message: "Couldn't add software. <app_store_id> isn't available in Apple Business. Please purchase license in Apple Business and try again.",
InternalErr: ctxerr.Errorf(ctx, "VPP API didn't return any assets for adamID %s", vppApp.AdamID),
}
}
@ -1477,7 +1477,7 @@ func (svc *Service) InstallVPPAppPostValidation(ctx context.Context, host *fleet
if assets[0].AvailableCount <= 0 {
return "", &fleet.BadRequestError{
Message: "Couldn't install. No available licenses. Please purchase license in Apple Business Manager and try again.",
Message: "Couldn't install. No available licenses. Please purchase license in Apple Business and try again.",
InternalErr: ctxerr.NewWithData(
ctx, "license available count <= 0",
map[string]any{

12
ee/server/service/vpp.go
View file

@ -677,7 +677,7 @@ func (svc *Service) AddAppStoreApp(ctx context.Context, teamID *uint, appID flee
return 0, fleet.NewInvalidArgumentError(
"app_store_id",
fmt.Sprintf(
"Couldn't add software. %q isn't available in Apple Business Manager or Play Store. Please purchase a license in Apple Business Manager or find the app in Play Store and try again.",
"Couldn't add software. %q isn't available in Apple Business or Play Store. Please purchase a license in Apple Business or find the app in Play Store and try again.",
appID.AdamID,
),
)
@ -695,7 +695,7 @@ func (svc *Service) AddAppStoreApp(ctx context.Context, teamID *uint, appID flee
if len(assets) == 0 {
return 0, fleet.NewInvalidArgumentError("app_store_id",
fmt.Sprintf("Error: Couldn't add software. %q isn't available in Apple Business Manager. Please purchase license in Apple Business Manager and try again.", appID.AdamID))
fmt.Sprintf("Error: Couldn't add software. %q isn't available in Apple Business. Please purchase license in Apple Business and try again.", appID.AdamID))
}
asset := assets[0]
@ -1144,7 +1144,7 @@ func (svc *Service) UploadVPPToken(ctx context.Context, token io.ReadSeeker) (*f
}
if token == nil {
return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("token", "Invalid token. Please provide a valid content token from Apple Business Manager."))
return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("token", "Invalid token. Please provide a valid content token from Apple Business."))
}
tokenBytes, err := io.ReadAll(token)
@ -1158,7 +1158,7 @@ func (svc *Service) UploadVPPToken(ctx context.Context, token io.ReadSeeker) (*f
if errors.As(err, &vppErr) {
// Per https://developer.apple.com/documentation/devicemanagement/app_and_book_management/app_and_book_management_legacy/interpreting_error_codes
if vppErr.ErrorNumber == 9622 {
return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("token", "Invalid token. Please provide a valid content token from Apple Business Manager."))
return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("token", "Invalid token. Please provide a valid content token from Apple Business."))
}
}
return nil, ctxerr.Wrap(ctx, err, "validating VPP token with Apple")
@ -1198,7 +1198,7 @@ func (svc *Service) UpdateVPPToken(ctx context.Context, tokenID uint, token io.R
}
if token == nil {
return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("token", "Invalid token. Please provide a valid content token from Apple Business Manager."))
return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("token", "Invalid token. Please provide a valid content token from Apple Business."))
}
tokenBytes, err := io.ReadAll(token)
@ -1212,7 +1212,7 @@ func (svc *Service) UpdateVPPToken(ctx context.Context, tokenID uint, token io.R
if errors.As(err, &vppErr) {
// Per https://developer.apple.com/documentation/devicemanagement/app_and_book_management/app_and_book_management_legacy/interpreting_error_codes
if vppErr.ErrorNumber == 9622 {
return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("token", "Invalid token. Please provide a valid content token from Apple Business Manager."))
return nil, ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("token", "Invalid token. Please provide a valid content token from Apple Business."))
}
}
return nil, ctxerr.Wrap(ctx, err, "validating VPP token with Apple")

14
frontend/components/MDM/AppleBMRenewalMessage/AppleBMRenewalMessage.tsx
View file

@ -17,7 +17,7 @@ const AppleBMRenewalMessage = ({ expired }: IAppleBMRenewalMessageProps) => {
cta={
<CustomLink
url="/settings/integrations/mdm/abm"
text="Renew ABM"
text="Renew AB"
className={`${baseClass}`}
variant="banner-link"
/>
@ -25,16 +25,16 @@ const AppleBMRenewalMessage = ({ expired }: IAppleBMRenewalMessageProps) => {
>
{expired ? (
<>
Your Apple Business Manager (ABM) server token has expired. macOS,
iOS, and iPadOS hosts wont automatically enroll to Fleet. Users with
the admin role in Fleet can renew ABM.
Your Apple Business (AB) server token has expired. macOS, iOS, and
iPadOS hosts wont automatically enroll to Fleet. Users with the admin
role in Fleet can renew AB.
</>
) : (
<>
Your Apple Business Manager (ABM) server token is less than 30 days
from expiration. If it expires, macOS, iOS, and iPadOS hosts wont
Your Apple Business (AB) server token is less than 30 days from
expiration. If it expires, macOS, iOS, and iPadOS hosts wont
automatically enroll to Fleet. Users with the admin role in Fleet can
renew ABM.
renew AB.
</>
)}
</InfoBanner>

10
frontend/components/MDM/AppleBMTermsMessage/AppleBMTermsMessage.tsx
View file

@ -13,7 +13,7 @@ const AppleBMTermsMessage = () => {
cta={
<CustomLink
url="https://business.apple.com/" // TODO: maybe point to new /settings/integrations/mdm/abm
text="Go to ABM"
text="Go to AB"
className={`${baseClass}__new-tab`}
newTab
variant="banner-link"
@ -21,10 +21,10 @@ const AppleBMTermsMessage = () => {
}
>
You cant automatically enroll macOS, iOS, and iPadOS hosts until you
accept the new terms and conditions for your Apple Business Manager (ABM).
An ABM administrator can accept these terms. If you have connected
multiple ABM instances, this banner will disappear once you accept the new
terms and conditions in all of them.
accept the new terms and conditions for your Apple Business (AB). An AB
administrator can accept these terms. If you have connected multiple AB
instances, this banner will disappear once you accept the new terms and
conditions in all of them.
</InfoBanner>
);
};

6
frontend/pages/DashboardPage/cards/ABMIssueHosts/ABMIssueHosts.tsx
View file

@ -16,8 +16,8 @@ interface IABMIssueHostsProps {
export const abmIssueTooltip = (): JSX.Element => {
return (
<span>
Hosts that have Apple Business Manager (ABM) profile assignment issue.
Migration or new Mac setup won&apos;t work.
Hosts that have Apple Business (AB) profile assignment issue. Migration or
new Mac setup won&apos;t work.
</span>
);
};
@ -42,7 +42,7 @@ const ABMIssueHosts = ({
<HostCountCard
iconName="abm-issue-hosts"
count={abmIssueCount}
title="ABM issue"
title="AB issue"
tooltip={abmIssueTooltip()}
path={path}
className={baseClass}

5
frontend/pages/SoftwarePage/components/forms/SoftwareVppForm/SoftwareVppForm.tsx
View file

@ -312,9 +312,8 @@ const SoftwareVppForm = ({
onSelect={onSelectApp}
/>
<div className={`${baseClass}__help-text`}>
These apps were added in Apple Business Manager (ABM). To add more
apps, head to{" "}
<CustomLink url="https://business.apple.com" text="ABM" newTab />
These apps were added in Apple Business (AB). To add more apps, head
to <CustomLink url="https://business.apple.com" text="AB" newTab />
</div>
{showDeploySoftwareSlider && (
<SoftwareDeploySlider

8
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/AppleBusinessManagerPage/AppleBusinessManagerPage.tsx
View file

@ -37,12 +37,12 @@ interface IAddAbmMessageProps {
const AddAbmMessage = ({ onAddAbm }: IAddAbmMessageProps) => {
return (
<div className={`${baseClass}__add-adm-message`}>
<h2>Add your ABM</h2>
<h2>Add your AB</h2>
<p>
Automatically enroll newly purchased Apple hosts when they&apos;re first
unboxed and set up by your end users.
</p>
<Button onClick={onAddAbm}>Add ABM</Button>
<Button onClick={onAddAbm}>Add AB</Button>
</div>
);
};
@ -214,11 +214,11 @@ const AppleBusinessManagerPage = ({ router }: { router: InjectedRouter }) => {
</div>
<div className={`${baseClass}__page-content`}>
<div className={`${baseClass}__page-header-section`}>
<h1>Apple Business Manager (ABM)</h1>
<h1>Apple Business (AB)</h1>
{isPremiumTier &&
abmTokens?.length !== 0 &&
!!config?.mdm.enabled_and_configured && (
<Button onClick={onAddAbm}>Add ABM</Button>
<Button onClick={onAddAbm}>Add AB</Button>
)}
</div>
<>{renderContent()}</>

13
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/AppleBusinessManagerPage/components/AddAbmModal/AddAbmModal.tsx
View file

@ -51,12 +51,7 @@ const AddAbmModal = ({ onCancel, onAdded }: IAddAbmModalProps) => {
}, [tokenFile, renderFlash, onAdded, onCancel]);
return (
<Modal
className={baseClass}
title="Add ABM"
onExit={onCancel}
width="large"
>
<Modal className={baseClass} title="Add AB" onExit={onCancel} width="large">
<ol className={`${baseClass}__setup-list`}>
<li>
<span>1.</span>
@ -71,7 +66,7 @@ const AddAbmModal = ({ onCancel, onAdded }: IAddAbmModalProps) => {
Sign in to{" "}
<CustomLink
newTab
text="Apple Business Manager"
text="Apple Business"
url="https://business.apple.com"
/>
<br />
@ -129,7 +124,7 @@ const AddAbmModal = ({ onCancel, onAdded }: IAddAbmModalProps) => {
isUploading ? `${baseClass}__file-uploader--loading` : ""
}`}
accept=".p7m"
message="ABM token (.p7m)"
message="AB token (.p7m)"
graphicName="file-p7m"
buttonType="brand-inverse-icon"
buttonMessage={isUploading ? "Uploading..." : "Upload"}
@ -142,7 +137,7 @@ const AddAbmModal = ({ onCancel, onAdded }: IAddAbmModalProps) => {
isLoading={isUploading}
disabled={!tokenFile || isUploading}
>
Add ABM
Add AB
</Button>
</div>
</Modal>

39
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/AppleBusinessManagerPage/components/RenewAbmModal/RenewAbmModal.tsx
View file

@ -66,47 +66,30 @@ const RenewAbmModal = ({
>
<div className={`${baseClass}__page-content ${baseClass}__setup-content`}>
<p className={`${baseClass}__description`}>
Renew Apple Business Manager for <b>{orgName}</b>.
Renew Apple Business for <b>{orgName}</b> by uploading your AB token.{" "}
<CustomLink
newTab
text="Learn more"
url="https://fleetdm.com/guides/apple-mdm-setup#to-renew-an-abm-token"
/>
</p>
<ol className={`${baseClass}__setup-instructions-list`}>
<ul className={`${baseClass}__setup-instructions-list`}>
<li>
<p>
1. Sign in to{" "}
<CustomLink
url="https://business.apple.com/"
text="Apple Business Manager"
newTab
/>
</p>
</li>
<li>
<p>
2. Select your <b>account name</b> at the bottom left of the
screen, then select <b>Preferences</b>.
</p>
</li>
<li>
<p>
3. In the <b>Your MDM Servers</b> section, select your Fleet
server, then select <b>Download Token</b> at the top.
</p>
</li>
<li>
<p>
4. Upload the downloaded token (.p7m file) below.
Upload the downloaded token (.p7m file) below.
<FileUploader
className={`${baseClass}__file-uploader`}
accept=".p7m"
buttonMessage="Choose file"
buttonType="brand-inverse-icon"
graphicName="file-p7m"
message="ABM token (.p7m)"
message="AB token (.p7m)"
onFileUpload={onSelectFile}
fileDetails={tokenFile ? { name: tokenFile.name } : undefined}
/>
</p>
</li>
</ol>
</ul>
<div className="modal-cta-wrap">
<Button
className={`${baseClass}__submit-button ${
@ -117,7 +100,7 @@ const RenewAbmModal = ({
type="button"
onClick={onRenewToken}
>
Renew ABM
Renew AB
</Button>
</div>
</div>

2
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/VppPage/VppPage.tsx
View file

@ -36,7 +36,7 @@ const AddVppMessage = ({ onAddVpp }: IAddVppMessageProps) => {
return (
<EmptyTable
header="Add your VPP"
info="Install Apple App Store apps purchased through Apple Business Manager."
info="Install Apple App Store apps purchased through Apple Business."
primaryButton={<Button onClick={onAddVpp}>Add VPP</Button>}
/>
);

2
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/VppPage/components/EditTeamsVppModal/EditTeamsVppModal.tsx
View file

@ -286,7 +286,7 @@ const EditTeamsVppModal = ({
</>
)
}
helpText="App Store apps in this VPP token's Apple Business Manager (ABM) will only be available to install on hosts in these fleets."
helpText="App Store apps in this VPP token's Apple Business (AB) will only be available to install on hosts in these fleets."
disabled={isDropdownDisabled}
/>
</TooltipWrapper>

2
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/VppPage/components/RenewVppModal/helpers.ts
View file

@ -9,7 +9,7 @@ export const getErrorMessage = (err: unknown) => {
});
if (invalidTokenReason) {
return "Invalid token. Please provide a valid token from Apple Business Manager.";
return "Invalid token. Please provide a valid token from Apple Business.";
}
return DEFAULT_ERROR_MESSAGE;

2
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/VppPage/components/VppSetupSteps/VppSetupSteps.tsx
View file

@ -20,7 +20,7 @@ const VppSetupSteps = ({ extendendSteps = false }: IVppSetupStepsProps) => {
<CustomLink
newTab
url="https://business.apple.com"
text="Apple Business Manager"
text="Apple Business"
/>
{extendendSteps && (
<>

2
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/components/AppleBusinessManagerSection/AppleBusinessManagerSection.tsx
View file

@ -34,7 +34,7 @@ const AppleBusinessManagerSection = ({
};
return (
<SettingsSection title="Apple Business Manager (ABM)" className={baseClass}>
<SettingsSection title="Apple Business (AB)" className={baseClass}>
{!isPremiumTier ? (
<PremiumFeatureMessage alignment="left" />
) : (

2
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/components/AppleBusinessManagerSection/VppCard/VppCard.tsx
View file

@ -48,7 +48,7 @@ const VppCard = ({ isAppleMdmOn, isVppOn, viewDetails }: IVppCardProps) => {
}
>
Add a VPP connection to install Apple App Store apps purchased through
Apple Business Manager.
Apple Business.
</SectionCard>
);

2
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/components/EndUserMigrationSection/EndUserMigrationSection.tests.tsx
View file

@ -122,7 +122,7 @@ describe("EndUserMigrationSection", () => {
render(<EndUserMigrationSection router={mockRouter} />);
expect(
screen.getByText("Connect to Apple Business Manager to get started.")
screen.getByText("Connect to Apple Business to get started.")
).toBeInTheDocument();
expect(screen.getByRole("button", { name: "Connect" })).toBeInTheDocument();
});

2
frontend/pages/admin/IntegrationsPage/cards/MdmSettings/components/EndUserMigrationSection/EndUserMigrationSection.tsx
View file

@ -153,7 +153,7 @@ const EndUserMigrationSection = ({ router }: IEndUserMigrationSectionProps) => {
<EmptyTable
className={`${baseClass}__abm-connect-message`}
header="Migration workflow for macOS hosts"
info="Connect to Apple Business Manager to get started."
info="Connect to Apple Business to get started."
primaryButton={<Button onClick={onClickConnect}>Connect</Button>}
/>
</div>

20
frontend/pages/hosts/ManageHostsPage/components/HostsFilterBlock/HostsFilterBlock.tsx
View file

@ -429,7 +429,7 @@ const HostsFilterBlock = ({
pending: (
<span>
Hosts ordered using Apple <br />
Business Manager (ABM). <br />
Business (AB). <br />
They will automatically enroll <br />
to Fleet and turn on MDM <br />
when they&apos;re unboxed.
@ -626,7 +626,7 @@ const HostsFilterBlock = ({
return (
<FilterPill
className={`${baseClass}__abm-issue-filter-pill`}
label="Apple Business Manager (ABM) issues"
label="Apple Business (AB) issues"
tooltipDescription={abmIssueTooltip()}
onClear={() => handleClearFilter(["dep_profile_error"])}
/>
@ -637,22 +637,22 @@ const HostsFilterBlock = ({
const renderLabel = () => {
switch (depAssignProfileResponse) {
case "SUCCESS":
return "Apple Business Manager (ABM) profile assignment successful";
return "Apple Business (AB) profile assignment successful";
case "FAILED":
return "Apple Business Manager (ABM) issue: Failed";
return "Apple Business (AB) issue: Failed";
case "THROTTLED":
return "Apple Business Manager (ABM) issue: Throttled";
return "Apple Business (AB) issue: Throttled";
case "NOT_ACCESSIBLE":
return "Apple Business Manager (ABM) issue: Not accessible";
return "Apple Business (AB) issue: Not accessible";
default:
return "Apple Business Manager (ABM) issues";
return "Apple Business (AB) issues";
}
};
const renderTooltip = () => {
switch (depAssignProfileResponse) {
case "SUCCESS":
return "Hosts that had a successful response from Apple Business Manager (ABM) for profile assignment.";
return "Hosts that had a successful response from Apple Business (AB) for profile assignment.";
case "FAILED":
return (
<>
@ -673,8 +673,8 @@ const HostsFilterBlock = ({
return (
<>
Migration or new Mac setup won&apos;t work. Details are not
accessible from Apple Business Manager (ABM). Verify these hosts
are assigned to your MDM server and Fleet has access permissions.
accessible from Apple Business (AB). Verify these hosts are
assigned to your MDM server and Fleet has access permissions.
</>
);
default:

9
frontend/pages/hosts/details/modals/MDMStatusModal/MDMStatusModal.tsx
View file

@ -349,8 +349,8 @@ const MDMStatusModal = ({
tooltip: (
<>
Migration or new Mac setup won&apos;t work. Details are not
accessible from Apple Business Manager (ABM). Verify the host is
assigned to your MDM server and Fleet has access permissions.
accessible from Apple Business (AB). Verify the host is assigned to
your MDM server and Fleet has access permissions.
</>
),
},
@ -367,7 +367,7 @@ const MDMStatusModal = ({
<>
The last time Apple reported a profile was assigned
<br />
to this host in Apple Business Manager.
to this host in Apple Business.
</>
),
// Follow current pattern of international time format for dates in UI
@ -440,8 +440,7 @@ const MDMStatusModal = ({
<b>Profile assignment</b>
</p>
<p>
Details about automatic enrollment profile from Apple Business
Manager.{" "}
Details about automatic enrollment profile from Apple Business.{" "}
<CustomLink
text="Learn more"
url={`${LEARN_MORE_ABOUT_BASE_LINK}/abm-issues`}

2
frontend/pages/hosts/helpers.ts
View file

@ -5,7 +5,7 @@ export const getHostStatusTooltipText = (status: string): string => {
return "Online hosts will respond to a live report.";
}
if (status === DEFAULT_EMPTY_CELL_VALUE) {
return "Device is pending enrollment in Apple Business Manager and status is not yet available.";
return "Device is pending enrollment in Apple Business and status is not yet available.";
}
return "Offline hosts won't respond to a live report because they may be shut down, asleep, or not connected to the internet.";
};

5
frontend/utilities/constants.tsx
View file

@ -379,9 +379,8 @@ export const MDM_STATUS_TOOLTIP: Record<
Off: undefined, // no tooltip specified
Pending: (
<span>
Hosts ordered via Apple Business Manager <br /> (ABM). These will
automatically enroll to Fleet <br /> and turn on MDM when they&apos;re
unboxed.
Hosts ordered via Apple Business <br /> (AB). These will automatically
enroll to Fleet <br /> and turn on MDM when they&apos;re unboxed.
</span>
),
};

2
frontend/utilities/endpoints.ts
View file

@ -139,7 +139,7 @@ export default {
// apple mdm endpoints
MDM_APPLE: `/${API_VERSION}/fleet/mdm/apple`,
// Apple Business Manager (ABM) endpoints
// Apple Business (AB) endpoints
MDM_ABM_TOKENS: `/${API_VERSION}/fleet/abm_tokens`,
MDM_ABM_TOKEN: (id: number) => `/${API_VERSION}/fleet/abm_tokens/${id}`,
MDM_ABM_TOKEN_RENEW: (id: number) =>

2
orbit/pkg/update/notifications.go
View file

@ -86,7 +86,7 @@ func (h *renewEnrollmentProfileConfigReceiver) Run(config *fleet.OrbitConfig) er
// we perform this check locally on the client too to avoid showing the
// dialog if the Fleet enrollment profile has not been assigned to the device in
// Apple Business Manager.
// Apple Business.
assignedFn := h.checkAssignedEnrollmentProfileFn
if assignedFn == nil {
assignedFn = profiles.CheckAssignedEnrollmentProfile

12
server/config/config.go
View file

@ -1585,12 +1585,12 @@ func (man Manager) addConfigs() {
man.addConfigString("mdm.apple_scep_cert_bytes", "", "Apple SCEP PEM-encoded certificate bytes")
man.addConfigString("mdm.apple_scep_key", "", "Apple SCEP PEM-encoded private key path")
man.addConfigString("mdm.apple_scep_key_bytes", "", "Apple SCEP PEM-encoded private key bytes")
man.addConfigString("mdm.apple_bm_server_token", "", "Apple Business Manager encrypted server token path (.p7m file)")
man.addConfigString("mdm.apple_bm_server_token_bytes", "", "Apple Business Manager encrypted server token bytes")
man.addConfigString("mdm.apple_bm_cert", "", "Apple Business Manager PEM-encoded certificate path")
man.addConfigString("mdm.apple_bm_cert_bytes", "", "Apple Business Manager PEM-encoded certificate bytes")
man.addConfigString("mdm.apple_bm_key", "", "Apple Business Manager PEM-encoded private key path")
man.addConfigString("mdm.apple_bm_key_bytes", "", "Apple Business Manager PEM-encoded private key bytes")
man.addConfigString("mdm.apple_bm_server_token", "", "Apple Business encrypted server token path (.p7m file)")
man.addConfigString("mdm.apple_bm_server_token_bytes", "", "Apple Business encrypted server token bytes")
man.addConfigString("mdm.apple_bm_cert", "", "Apple Business PEM-encoded certificate path")
man.addConfigString("mdm.apple_bm_cert_bytes", "", "Apple Business PEM-encoded certificate bytes")
man.addConfigString("mdm.apple_bm_key", "", "Apple Business PEM-encoded private key path")
man.addConfigString("mdm.apple_bm_key_bytes", "", "Apple Business PEM-encoded private key bytes")
man.addConfigBool("mdm.apple_enable", false, "Enable MDM Apple functionality")
man.addConfigInt("mdm.apple_scep_signer_validity_days", 365, "Days signed client certificates will be valid")
man.addConfigString("mdm.apple_vpp_app_metadata_api_bearer_token", "", "Apple Connect JWT, used for accessing VPP app metadata directly from Apple")

8
server/datastore/mysql/apple_mdm.go
View file

@ -4208,8 +4208,8 @@ func (ds *Datastore) GetMDMAppleBootstrapPackageBytes(ctx context.Context, token
func (ds *Datastore) GetMDMAppleBootstrapPackageSummary(ctx context.Context, teamID uint) (*fleet.MDMAppleBootstrapPackageSummary, error) {
// NOTE: Consider joining on host_dep_assignments instead of host_mdm so DEP hosts that
// manually enroll or re-enroll are included in the results so long as they are not unassigned
// in Apple Business Manager. The problem with using host_dep_assignments is that a host can be
// assigned to Fleet in ABM but still manually enroll. We should probably keep using host_mdm,
// in Apple Business. The problem with using host_dep_assignments is that a host can be
// assigned to Fleet in AB but still manually enroll. We should probably keep using host_mdm,
// but be better at updating the table with the right values when a host enrolls (perhaps adding
// a query param to the enroll endpoint).
stmt := `
@ -4266,8 +4266,8 @@ func (ds *Datastore) GetHostBootstrapPackageCommand(ctx context.Context, hostUUI
func (ds *Datastore) GetHostMDMMacOSSetup(ctx context.Context, hostID uint) (*fleet.HostMDMMacOSSetup, error) {
// NOTE: Consider joining on host_dep_assignments instead of host_mdm so DEP hosts that
// manually enroll or re-enroll are included in the results so long as they are not unassigned
// in Apple Business Manager. The problem with using host_dep_assignments is that a host can be
// assigned to Fleet in ABM but still manually enroll. We should probably keep using host_mdm,
// in Apple Business. The problem with using host_dep_assignments is that a host can be
// assigned to Fleet in AB but still manually enroll. We should probably keep using host_mdm,
// but be better at updating the table with the right values when a host enrolls (perhaps adding
// a query param to the enroll endpoint).
stmt := `

2
server/datastore/mysql/apple_mdm_test.go
View file

@ -1031,7 +1031,7 @@ func testIngestMDMAppleIngestAfterDEPSync(t *testing.T, ds *Datastore) {
require.NoError(t, err)
require.NotEmpty(t, abmToken.ID)
// simulate a host that is first ingested via DEP (e.g., the device was added via Apple Business Manager)
// simulate a host that is first ingested via DEP (e.g., the device was added via Apple Business)
n, err := ds.IngestMDMAppleDevicesFromDEPSync(ctx, []godep.Device{
{SerialNumber: testSerial, Model: testModel, OS: "OSX", OpType: "added"},
}, abmToken.ID, nil, nil, nil)

2
server/fleet/app.go
View file

@ -200,7 +200,7 @@ type MDM struct {
// the server starts.
AppleBMEnabledAndConfigured bool `json:"apple_bm_enabled_and_configured"`
// AppleBMTermsExpired is set to true if an Apple Business Manager request
// AppleBMTermsExpired is set to true if an Apple Business request
// failed due to Apple's terms and conditions having changed and need the
// user to explicitly accept them. It cannot be set manually via the
// PATCH /config API, it is only set automatically, internally, by detecting

6
server/fleet/apple_mdm.go
View file

@ -159,7 +159,7 @@ func (m MDMAppleDevice) AuthzType() string {
return "mdm_apple_device"
}
// MDMAppleDEPDevice represents an Apple device in Apple Business Manager (ABM).
// MDMAppleDEPDevice represents an Apple device in Apple Business (AB).
type MDMAppleDEPDevice struct {
godep.Device
}
@ -541,10 +541,10 @@ type HostDEPAssignment struct {
// HostID is the id of the host in Fleet.
HostID uint `db:"host_id" json:"-"`
// AddedAt is the timestamp when Fleet was notified that device was added to the Fleet MDM
// server in Apple Busines Manager (ABM).
// server in Apple Busines Manager (AB).
AddedAt time.Time `db:"added_at" json:"added_at"`
// DeletedAt is the timestamp when Fleet was notified that device was deleted from the Fleet
// MDM server in Apple Busines Manager (ABM).
// MDM server in Apple Busines Manager (AB).
DeletedAt *time.Time `db:"deleted_at" json:"deleted_at"`
// ABMTokenID is the ID of the ABM token that was used to make this DEP assignment.
ABMTokenID *uint `db:"abm_token_id" json:"abm_token_id"`

2
server/fleet/datastore.go
View file

@ -1776,7 +1776,7 @@ type Datastore interface {
SaveCAConfigAssets(ctx context.Context, assets []CAConfigAsset) error
DeleteCAConfigAssets(ctx context.Context, names []string) error
// GetABMTokenByOrgName retrieves the Apple Business Manager token identified by
// GetABMTokenByOrgName retrieves the Apple Business token identified by
// its unique name (the organization name).
GetABMTokenByOrgName(ctx context.Context, orgName string) (*ABMToken, error)

2
server/fleet/hosts.go
View file

@ -397,7 +397,7 @@ type Host struct {
// so we don't need this.
RefetchCriticalQueriesUntil *time.Time `json:"refetch_critical_queries_until" db:"refetch_critical_queries_until" csv:"-"`
// DEPAssignedToFleet is set to true if the host is assigned to Fleet in Apple Business Manager.
// DEPAssignedToFleet is set to true if the host is assigned to Fleet in Apple Business.
// It is a *bool becase we want it to be returned from only a subset of endpoints related to
// Orbit and Fleet Desktop. Otherwise, it will be set to NULL so it is omitted from JSON
// responses.

4
server/fleet/mdm.go
View file

@ -940,10 +940,10 @@ const (
// MDMAssetAPNSCert is the name of the APNs (Apple Push Notifications
// service) private key used by MDM
MDMAssetAPNSCert MDMAssetName = "apns_cert"
// MDMAssetABMKey is the name of the ABM (Apple Business Manager)
// MDMAssetABMKey is the name of the AB (Apple Business)
// private key used to decrypt MDMAssetABMToken
MDMAssetABMKey MDMAssetName = "abm_key"
// MDMAssetABMCert is the name of the ABM (Apple Business Manager)
// MDMAssetABMCert is the name of the AB (Apple Business)
// private key used to encrypt MDMAssetABMToken
MDMAssetABMCert MDMAssetName = "abm_cert"
// MDMAssetABMTokenDeprecated is an encrypted JSON file that contains a token

4
server/fleet/utils.go
View file

@ -32,8 +32,8 @@ func WriteAppleBMTermsExpiredBanner(w io.Writer) {
warningColor.Fprintf(
w,
`Your organization cant automatically enroll macOS hosts until you accept the new terms `+
`and conditions for Apple Business Manager (ABM). An ABM administrator can accept these terms. `+
`Go to ABM: https://business.apple.com/`,
`and conditions for Apple Business (AB). An AB administrator can accept these terms. `+
`Go to AB: https://business.apple.com/`,
)
// We need to disable color and print a new line to make it look somewhat neat, otherwise colors continue to the
// next line

2
server/mdm/apple/apple_bm.go
View file

@ -72,7 +72,7 @@ func SetDecryptedABMTokenMetadata(
// Request.
msg := err.Error()
if authErr.StatusCode == http.StatusUnauthorized {
msg = "The Apple Business Manager certificate or server token is invalid. Restart Fleet with a valid certificate and token. See https://fleetdm.com/learn-more-about/setup-abm for help."
msg = "The Apple Business certificate or server token is invalid. Restart Fleet with a valid certificate and token. See https://fleetdm.com/learn-more-about/setup-abm for help."
}
return ctxerr.Wrap(ctx, &fleet.BadRequestError{
Message: msg,

2
server/mdm/nanodep/docs/operations-guide.md
View file

@ -12,7 +12,7 @@ Note that because the name string is used pervasively in URL API paths you proba
The `depserver` serves two main purposes:
1. Setup & configuration of the DEP name(s) — that is, the locally-named instances that correspond to the DEP "MDM servers" in the Apple Business Manager (ABM), Apple School Manager (ASM), or Business Essentials (BE) portal. Configuration includes uploading the DEP authentication tokens, configuring the assigner, etc. See the "API endpoints" section below for more.
1. Setup & configuration of the DEP name(s) — that is, the locally-named instances that correspond to the DEP "MDM servers" in the Apple Business (AB), Apple School Manager (ASM), or Business Essentials (BE) portal. Configuration includes uploading the DEP authentication tokens, configuring the assigner, etc. See the "API endpoints" section below for more.
1. Accessing the actual DEP APIs using a transparently-authenticating reverse proxy. After you've configured the authentication tokens using the above APIs `depserver` provides a reverse proxy to talk to the Apple DEP endpoints where you don't have to worry about session management or token authentication: this's taken care of for you. All you need to do is use a special URL path and normal API (HTTP Basic) authentication and you can talk to the DEP APIs unfiltered. See the "Reverse proxy" section below for more.
### Switches

12
server/mdm/nanodep/docs/quickstart.md
View file

@ -4,8 +4,8 @@ A guide to getting NanoDEP up and running quickly. For more in-depth documentati
## Requirements
* An Apple Business Manager (ABM), Apple School Manager (ASM), or Business Essentials (BE) login account with at least Device Management permissions/abilities.
* Devices already present in your ABM/ASM/BE system to assign.
* An Apple Business (AB), Apple School Manager (ASM), or Business Essentials (BE) login account with at least Device Management permissions/abilities.
* Devices already present in your AB/ASM/BE system to assign.
* For the [tools](../tools) you'll need `curl`, `jq`, and of course a shell script interpreter.
* Outbound internet access to talk to Apple's DEP APIs.
@ -40,7 +40,7 @@ Note here the "DEP name" of `mdmserver1` is arbitrary and can be anything you li
### Generate and retrieve the DEP token public key
The ABM/ASM/BE portal uses a public key to encrypt the OAuth1 tokens. To generate a new keypair and retrieve the public key (in an X.509 Certificate):
The AB/ASM/BE portal uses a public key to encrypt the OAuth1 tokens. To generate a new keypair and retrieve the public key (in an X.509 Certificate):
```bash
$ ./tools/cfg-get-cert.sh > $DEP_NAME.pem
@ -48,7 +48,7 @@ $ ./tools/cfg-get-cert.sh > $DEP_NAME.pem
Note this should create a new file called "mdmserver1.pem" (or whatever you set `$DEP_NAME` to, above).
### Upload the public key to ABM/ASM/BE
### Upload the public key to AB/ASM/BE
Login to https://business.apple.com/ or https://school.apple.com/ in a browser then navigate to the list of MDM servers. As of July 2022 this is done by navigating to the lower-left menu by clicking on your login name and selecting "Preferences." Under the separator there's a list titled "Your MDM Servers."
@ -56,7 +56,7 @@ Create a new MDM server by clicking the "+" or "Add" button by the list header.
### Download Token
Next, we'll want to download the token. From within the ABM/ASM/BE portal navigate to your newly created (or modified) MDM server. As of July 2022 there's a top menu for the MDM server which contains a button/link to "Download Token." Click this to download the token which should download a file with the extension ".p7m" and named after the MDM server you created: this downloaded token is the encrypted OAuth tokens for DEP access.
Next, we'll want to download the token. From within the AB/ASM/BE portal navigate to your newly created (or modified) MDM server. As of July 2022 there's a top menu for the MDM server which contains a button/link to "Download Token." Click this to download the token which should download a file with the extension ".p7m" and named after the MDM server you created: this downloaded token is the encrypted OAuth tokens for DEP access.
### Decrypt tokens
@ -93,7 +93,7 @@ Otherwise: congratulations! The token exchanged was successful and you can use t
### Assign a device in the portal
Now that we've verified API connectivity using your DEP server you need to assign a device in the ABM/ASM/BE portal. To do so login to the portal and navigate to the "Devices" section. Select (or search for) the device you want to use with DEP by settings its MDM server. As of July, 2022 there is a link/button in the top navigation of a device called "Edit MDM Server" — clicking this brings up a dialog to either assign or un-assign the device. When assigning a drop-menu appears of the setup MDM servers. We'll want to select our newly created server "mdmserver1" then click the "Continue" button. The device should then be assigned to your MDM server and available for a DEP profile to be assigned to it.
Now that we've verified API connectivity using your DEP server you need to assign a device in the AB/ASM/BE portal. To do so login to the portal and navigate to the "Devices" section. Select (or search for) the device you want to use with DEP by settings its MDM server. As of July, 2022 there is a link/button in the top navigation of a device called "Edit MDM Server" — clicking this brings up a dialog to either assign or un-assign the device. When assigning a drop-menu appears of the setup MDM servers. We'll want to select our newly created server "mdmserver1" then click the "Continue" button. The device should then be assigned to your MDM server and available for a DEP profile to be assigned to it.
### Define a DEP Profile and assign a device

2
server/service/client_mdm.go
View file

@ -32,7 +32,7 @@ func (c *Client) GetAppleMDM() (*fleet.AppleMDM, error) {
return responseBody.AppleMDM, err
}
// GetAppleBM retrieves the Apple Business Manager information.
// GetAppleBM retrieves the Apple Business information.
func (c *Client) GetAppleBM() (*fleet.AppleBM, error) {
verb, path := "GET", "/api/latest/fleet/mdm/apple_bm"
var responseBody getAppleBMResponse

4
server/service/integration_android_software_test.go
View file

@ -94,7 +94,7 @@ func (s *integrationMDMTestSuite) TestAndroidAppsSelfService() {
&addAppStoreAppRequest{AppStoreID: "com.valid.app.id"},
http.StatusUnprocessableEntity,
)
s.Assert().Contains(extractServerErrorText(r.Body), "Couldn't add software. \"com.valid.app.id\" isn't available in Apple Business Manager or Play Store. Please purchase a license in Apple Business Manager or find the app in Play Store and try again.")
s.Contains(extractServerErrorText(r.Body), "Couldn't add software. \"com.valid.app.id\" isn't available in Apple Business or Play Store. Please purchase a license in Apple Business or find the app in Play Store and try again.")
// Valid application ID format, but app isn't found: should fail
// Update mock to return a 404
@ -137,7 +137,7 @@ func (s *integrationMDMTestSuite) TestAndroidAppsSelfService() {
&addAppStoreAppRequest{AppStoreID: "com.valid", Platform: fleet.MacOSPlatform},
http.StatusUnprocessableEntity,
)
require.Contains(t, extractServerErrorText(r.Body), "Couldn't add software. \"com.valid\" isn't available in Apple Business Manager or Play Store. Please purchase a license in Apple Business Manager or find the app in Play Store and try again.")
require.Contains(t, extractServerErrorText(r.Body), "Couldn't add software. \"com.valid\" isn't available in Apple Business or Play Store. Please purchase a license in Apple Business or find the app in Play Store and try again.")
// Add Android app
s.DoJSON(

8
server/service/integration_mdm_test.go
View file

@ -11797,7 +11797,7 @@ func (s *integrationMDMTestSuite) TestABMAssetManagement() {
require.Nil(t, tok)
// try to upload an invalid token
s.uploadABMToken([]byte("foo"), http.StatusBadRequest, "Please provide a valid token from Apple Business Manager")
s.uploadABMToken([]byte("foo"), http.StatusBadRequest, "Please provide a valid token from Apple Business")
// enable ABM again
var newABMResp generateABMKeyPairResponse
@ -11830,7 +11830,7 @@ func (s *integrationMDMTestSuite) enableABM(orgName string) *fleet.ABMToken {
require.Equal(t, "CERTIFICATE", block.Type)
// try to upload an invalid token
s.uploadABMToken([]byte("foo"), http.StatusBadRequest, "Invalid token. Please provide a valid token from Apple Business Manager.")
s.uploadABMToken([]byte("foo"), http.StatusBadRequest, "Invalid token. Please provide a valid token from Apple Business.")
// generate a mock token and encrypt it using the public key
testBMToken := &nanodep_client.OAuth1Tokens{
@ -13455,9 +13455,9 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
// Invalid token
dev_mode.SetOverride("FLEET_DEV_VPP_URL", s.appleVPPConfigSrv.URL+"?invalidToken", t)
s.uploadDataViaForm("/api/latest/fleet/vpp_tokens", "token", "token.vpptoken", []byte("foobar"), http.StatusUnprocessableEntity, "Invalid token. Please provide a valid content token from Apple Business Manager.", nil)
s.uploadDataViaForm("/api/latest/fleet/vpp_tokens", "token", "token.vpptoken", []byte("foobar"), http.StatusUnprocessableEntity, "Invalid token. Please provide a valid content token from Apple Business.", nil)
// Attempt to renew an invalid (nonexistent) token, should fail
s.uploadDataViaFormWithVerb("/api/latest/fleet/vpp_tokens/999/renew", "PATCH", "token", "token.vpptoken", []byte(base64.StdEncoding.EncodeToString([]byte("foobar"))), http.StatusUnprocessableEntity, "Invalid token. Please provide a valid content token from Apple Business Manager.", nil)
s.uploadDataViaFormWithVerb("/api/latest/fleet/vpp_tokens/999/renew", "PATCH", "token", "token.vpptoken", []byte(base64.StdEncoding.EncodeToString([]byte("foobar"))), http.StatusUnprocessableEntity, "Invalid token. Please provide a valid content token from Apple Business.", nil)
// Simulate a server error from the Apple API
dev_mode.SetOverride("FLEET_DEV_VPP_URL", s.appleVPPConfigSrv.URL+"?serverError", t)

4
tools/README.md
View file

@ -79,7 +79,7 @@ go run ./tools/mdm/assets import -key=mykey -dir=./assets -name=scep_challenge -
# Send APNS push notification
go run ./tools/mdm/apple/apnspush -mysql localhost:3306 -server-private-key <key> <UUID>
# Query Apple Business Manager
# Query Apple Business
go run ./tools/mdm/apple/applebmapi -mysql localhost:3306 -server-private-key <key> -org-name "My Org"
# Generate app manifest from pkg
@ -248,7 +248,7 @@ go run ./tools/run-scripts -scripts-disabled -content 'echo "Test"'
| `terraform/` | Terraform provider for Fleet teams | `make install && make apply` - See [terraform/README.md](terraform/README.md) |
| **MDM Tools** | | |
| `android/` | Android management API tool | `go run ./tools/android -command <cmd> -enterprise_id <id> -device_id <id>` |
| `mdm/apple/applebmapi/` | Query Apple Business Manager API | `go run ./tools/mdm/apple/applebmapi -mysql localhost:3306 -server-private-key <key> -org-name <org>` |
| `mdm/apple/applebmapi/` | Query Apple Business API | `go run ./tools/mdm/apple/applebmapi -mysql localhost:3306 -server-private-key <key> -org-name <org>` |
| `mdm/apple/appmanifest/` | Generate app manifest XML from .pkg | `go run ./tools/mdm/apple/appmanifest -pkg-file app.pkg -pkg-url https://example.com/app.pkg` |
| `mdm/apple/apnspush/` | Send APNS push to enrolled devices | `go run ./tools/mdm/apple/apnspush -mysql localhost:3306 -server-private-key <key> <HOST_UUID>` |
| `mdm/apple/loadtest/` | MDM load testing | `go run ./tools/mdm/apple/loadtest` |

2
tools/mdm/apple/applebmapi/main.go
View file

@ -1,4 +1,4 @@
// Command applebmapi takes an Apple Business Manager server token in decrypted
// Command applebmapi takes an Apple Business server token in decrypted
// JSON format and calls the Apple BM API to retrieve and print the account
// information or the specified enrollment profile.
//

6
tools/mdm/apple/glossary-and-protocols.md
View file

@ -6,7 +6,7 @@ sequenceDiagram
participant mac as Mac
participant server as fleet server
note over server: Server sends automatic enrollment<br/>endpoint details to ABM as part of a<br/>ADE/DEP configuration cron job
note over server: Server sends automatic enrollment<br/>endpoint details to AB as part of a<br/>ADE/DEP configuration cron job
alt Automatic Authenticated Enrollment
mac->>server: GET /api/v1/fleet/sso<br/>(endpoint configured using ADE)<br/>Opens authetication webpage in a webview
server->>mac: Enrollment Profile (specific response headers)
@ -78,7 +78,7 @@ A method to enroll a device to an MDM server by manually getting and
installing (generally by downloading from a URL) an [enrollment
profile](#enrollment-profile).
### ABM: Apple Business Manager
### AB: Apple Business
Interface to administer Devices and MDM servers, mainly used for [ADE
enrollment](#ade-enrollment).
@ -124,7 +124,7 @@ For [ADE enrollment](#ade-device-enrollment-program) the enrollment profile is d
### ADE profile
This (JSON) profile is used to configure a device in Apple Business Manager.
This (JSON) profile is used to configure a device in Apple Business.
It contains all the necessary information that a device needs to automatically enroll to an MDM server during device setup.
[Example](https://fleetdm.com/example-dep-profile)

12
tools/mdm/apple/toggle-mdm-dev.md
View file

@ -1,6 +1,6 @@
# Using `toggle-mdm-dev` to enable and disable MDM (Mobile Device Management) / ABM (Apple Business Manager) for development
# Using `toggle-mdm-dev` to enable and disable MDM (Mobile Device Management) / AB (Apple Business) for development
1. Set up all of the necessary credentials for using MDM and ABM as outlined in the [MDM setup and
1. Set up all of the necessary credentials for using MDM and AB as outlined in the [MDM setup and
testing
docs](https://fleetdm.com/docs/contributing/testing-and-local-development#mdm-setup-and-testing).
Take note of the path where you've stored these credentials.
@ -23,7 +23,7 @@
export FLEET_MDM_APPLE_APNS_CERT=$MDM_PATH"mdmcert.download.push.pem"
export FLEET_MDM_APPLE_APNS_KEY=$MDM_PATH"mdmcert.download.push.key"
# Apple Business Manager (ABM) credentials
# Apple Business (AB) credentials
export FLEET_MDM_APPLE_BM_SERVER_TOKEN=$MDM_PATH"downloadtoken.p7m"
export FLEET_MDM_APPLE_BM_CERT=$MDM_PATH"fleet-apple-mdm-bm-public-key.crt"
export FLEET_MDM_APPLE_BM_KEY=$MDM_PATH"fleet-apple-mdm-bm-private.key"
@ -46,8 +46,8 @@
file. Source it or open a new shell.
4. Add the directory containing `toggle-mdm-dev`, likely this one, to your $PATH. If you did that by
adding it to your shell config, source it or open a new shell.
5. To toggle MDM and ABM, execute `source toggle-mdm-dev`
6. To enable MDM without ABM set up, comment out the variables in your env file pointing to the
5. To toggle MDM and AB, execute `source toggle-mdm-dev`
6. To enable MDM without AB set up, comment out the variables in your env file pointing to the
various credentials (like below), then `source toggle-mdm-dev` *twice*, to toggle off then back on again, the
MDM feature flag.
@ -65,7 +65,7 @@
# export FLEET_MDM_APPLE_APNS_CERT=$MDM_PATH"mdmcert.download.push.pem"
# export FLEET_MDM_APPLE_APNS_KEY=$MDM_PATH"mdmcert.download.push.key"
# # Apple Business Manager
# # Apple Business
# export FLEET_MDM_APPLE_BM_SERVER_TOKEN=$MDM_PATH"downloadtoken.p7m"
# export FLEET_MDM_APPLE_BM_CERT=$MDM_PATH"fleet-apple-mdm-bm-public-key.crt"
# export FLEET_MDM_APPLE_BM_KEY=$MDM_PATH"fleet-apple-mdm-bm-private.key"