04-19-2023 08:03 AM - edited 04-19-2023 08:05 AM
Hello,
We are having issues enrolling BYOD devices in Jamf Pro using Account-driven BYOD Enrollment.
We are following the instructions on Jamf documentation but we are receiving an error for any Managed AppleID that tries to sign in:
"Your Apple ID does not support the expected services on this device. Contact your administrator to sign in"
All of our Apple IDs are managed and the domain is set up in Apple Business Manager. We have a ticket open with Jamf Support but are wondering if anyone else has had this issue.
Current configuration:
This has worked before. We had these settings turned off for a while while we investigated (about 1.5 months).
iPhone 13 Pro Max running iOS 16.4.1.
04-19-2023 09:40 AM - edited 04-19-2023 09:41 AM
Did you verify the domain ownership in Apple Business Manager & upload the json file to your webserver (as described here: https://docs.jamf.com/10.41.0/jamf-pro/documentation/Account-Driven_User_Enrollment_for_Personally_O...)?
Posted on 04-19-2023 09:47 AM
I don't understand the need for a web server...
It's strange that Jamf and Apple would ask their customers to do this on their own. This has worked before without a web server setup.
Posted on 04-19-2023 09:53 AM
It's an Apple requirement, nothing Jamf specific but yes. You need to upload a file named 'com.apple.remotemanagement' (with the correct content) to the /.well-known/ folder in the root directory of the website of which you verified the domain in ABM.
If you run this terminal command:
curl -I https://yourcompanysite/.well-known/com.apple.remotemanagement
You need to receive an HTTP/1.1 200 OK and the content type needs to be Content-Type: application/json
Once that is ok your account driven enrollment should work.
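The header check described in the post above, as an added example that is not part of the original thread: a shell function that reads `curl -sI` output and passes only when the final response is 200 with Content-Type application/json. The function name and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Validates response headers (as printed by `curl -sI`) for
# /.well-known/com.apple.remotemanagement against the two conditions named in
# the post: HTTP status 200 and Content-Type application/json.
# Reads headers on stdin, prints a verdict, returns 0 only if both hold.
check_remotemanagement_headers() {
    status="" ctype=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')   # curl prints CRLF line endings
        case "$line" in
            HTTP/*)
                # Status line, e.g. "HTTP/1.1 200 OK" or "HTTP/2 200".
                # If several responses are present (curl -L), the last one wins.
                status=$(printf '%s' "$line" | awk '{print $2}')
                ctype=""
                ;;
            *)
                # Header names are case-insensitive (HTTP/2 sends them lowercase).
                name=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
                if [ "$name" = "content-type" ]; then
                    # Drop parameters such as "; charset=utf-8", trim, lowercase.
                    ctype=$(printf '%s' "${line#*:}" | cut -d';' -f1 |
                            tr -d ' \t' | tr '[:upper:]' '[:lower:]')
                fi
                ;;
        esac
    done
    if [ "$status" != "200" ]; then
        echo "FAIL: status is '${status:-none}', expected 200"
        return 1
    fi
    if [ "$ctype" != "application/json" ]; then
        echo "FAIL: Content-Type is '${ctype:-missing}', expected application/json"
        return 1
    fi
    echo "OK: 200 with Content-Type application/json"
}

# Constructed sample responses (not captured from a real server).
SAMPLE_OK=$(printf 'HTTP/2 200\r\ncontent-type: application/json; charset=utf-8\r\n\r\n')
SAMPLE_REDIRECT=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/\r\n\r\n')
SAMPLE_WRONG_TYPE=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n')

# Live use:
# curl -sI https://yourcompanysite/.well-known/com.apple.remotemanagement | check_remotemanagement_headers
```

Without `-L`, a redirecting host shows up here as a non-200 status, which makes it easy to tell a redirect apart from a wrong content type.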
Posted on 04-19-2023 10:54 AM
Thanks for the info. Just in disbelief that this is a requirement at all from Apple.
Posted on 09-19-2023 04:36 PM
Where can we host this? In AWS? Running into this same issue.
Posted on 04-05-2024 09:08 AM
Anyone using a landing-page to allow users to pick what environment to enroll?
Posted on 07-11-2024 01:12 PM
We are having the same dilemma as our web host does not allow the option to host the required JSON file and we are trying to find a solution. Apple is of no help. How does one host this file outside of the web site host and have it work? I am finding little or nothing and we cannot be the only ones with the issue. I am not savvy in the way of hosting and web tech.
Posted on 07-19-2024 07:39 AM
We are hosting it on AWS in an S3 bucket in the respective subfolder and make it available via CloudFront.
Check this: https://www.youtube.com/watch?v=vohNJkr52U8
Starts at 12:20 and the next 30 seconds explain what to do.
Posted on 09-30-2024 09:26 AM
But do you host your website with CloudFront as well? Does the video cover redirects?
Posted on 09-25-2024 03:29 PM
I am able to host the json file, and get the `curl -I https://yourcompanysite/.well-known/com.apple.remotemanagement` return with 200 response and application/json but it still shows user error
"Your Apple ID does not support the expected services on this device. Contact your administrator to sign in"
I triple checked the user-driven account enrollment is ENABLED. Does anyone have any idea what else went wrong?
Posted on 10-10-2024 11:17 AM
Such a blocker for BYOD....
Posted on 10-10-2024 11:20 AM
BTW, the video says we do this and this, with no real details