When Apple publishes a major OS update, a small number of users may find their device management solution stops working. In most cases, it’s not really a problem at all, just a licensing condition that needs to be resolved.
Make a diary date for T&Cs and other settings
Apple frequently requests its customers approve new terms and conditions (T&Cs) when major OS updates roll out. You probably needed to accept new T&Cs when you upgraded to iOS 16 or macOS Ventura.
The problem for managed device fleets is that if these aren’t approved, certain features may stop functioning. Fortunately, you can easily get your systems working again in Apple Business Manager.
If you open Apple Business Manager with admin access, you’ll find a setting that lets you accept any newly published T&Cs there. This isn’t such an arduous requirement ,as you won’t be expected to tap away to approve permissions for every device — you must just accept each set of new terms once to approve them across all your managed Apple devices. Another benefit is that your users will not be asked to approve the request themselves on their own device; you will already have approved the new T&Cs from the console.
If you don’t approve, things can go wrong
The problem is that until those T&Cs are approved, you may find your fleet unresponsive, newly purchased app licenses unavailable, or newly added devices invisible in Apple Business Manager. If you’re having any of these problems, it’s worth opening Apple Business Manager in admin mode and ensure you’re up to date with T&C approval. Your admins should have been notified of the change, so it’s not a problem most people will have, though you might still encounter it at times, as new staff enter Mac admin roles, for example.
Once you’ve approved the T&Cs, you should find your MDM system begins to work normally once again, though it may take a little time for the change to proliferate across the system.
There are other permissions Apple admins may need to remember to update each year. Device enrollment, Apple Push Notification (APN) service certificate, and Apps and Books tokens all need attention. In most cases, your MDM system should tell you when such a refresh is required. But even the best systems have failures (often when alerts come as key staffers leave or take new positions); you can rectify the problem by either renewing your APN certificate from the same Apple ID you used to create it in the first place, or by following the instructions in Apple’s MDM server configuration or Apps and Books “server token” guides.
In the latter case, you should find the setting you need to adjust in Preferences>Payments & Billing>My Server Tokens.
The method in the madness
The need to refresh permissions and approve T&Cs may seem a little cumbersome, but there is an opportunity locked inside the process: each time you approve things, you also get a chance to review how permissions are assigned. That’s not a huge issue in terms of device management, as you probably keep tabs on who devices are assigned to, but can provide a little benefit in terms of software licensing, as you may identify licenses you no longer need to assign.
The primary lesson is the same as it usually is — when things go wrong, don’t panic — just check that all your settings are up to date. Device management is just like security, after all, nine times out of 10 the biggest problems revolve around human error. I’s the problems you can’t resolve easily that require you to maintain the skill base you need to keep your systems rolling when something more significant goes awry.