Intune doesn't show sync when using kiosk autostart profile - mdm

Goal
We want to use Intune MDM to create kiosk devices with multiple applications. To set up the devices, we use Autopilot with a SelfDeployment profile. The device will be assigned a Kiosk profile with auto-enrollment enabled.
Problem
Setting up the devices works without any problems and new apps or changes are also synchronized, but we do not get any feedback in Intune on whether changes were successful or not. So to speak, there is only a one-sided synchronization.
For example, we can successfully update an application after a successful setup, but Intune always shows us the old version.
We know that the autostart function creates a local user and logs in with it and logically this user cannot synchronize. But is this intentional or are we missing something here?
If you guys need any information, please let me know.

Related

How to enable read_stream in Desktop Server App

We have an App which is intended to run on a LAN reading a company's own feed and producing local reports with it.
In order to do this I need to enable read_stream but I note that this is not possible without submitting an App for Review.
However, in order to do this I need to choose a platform. I am only able to choose between iOS/Android/Windows App/App on Facebook/Website/Page Tab/Xbox/PlayStation.
A Windows Server is none of these. I looked at Windows App, but this is asking for a Windows Store ID - we do not particularly want to put this in the Windows Store. We just need to turn on read_stream.
Also, I see that the Review Submission requires a minimum of 4 screenshots. This seems a bizarre thing to have to provide for a Windows Service.
Any ideas how I can navigate all this red tape?

Automatic OTA updates in an iOS app which is locked down with guided access

My client needs to find a way to automatically push app updates to a number of iPhone 3GS devices remotely. These devices will be in guided access mode so the users will only be able to access the app in question.
I believe we have two options for distribution:
B2B custom app via the Volume Purchase Program
In-house app released with the Apple Enterprise Program
Having researched our options I can see that over the air app updates can be achieved by either:
Building an in-app update functionality to check for new updates (Enterprise only I am guessing?) and automatically update and restart the app
Using an MDM such as http://www.air-watch.com/ (as I understand Apple Configurator must have devices plugged in via USB to work?)
I am wondering if anyone can tell me whether either of those options is possible with the devices being in guided access mode?
Or are there any other solutions, which I have missed, that can automatically manage the app remotely while the device is in guided access mode?
You can solve this with an Enterprise distributed app.
App only. Update check for an OTA update from your app when the app is coming to the foreground (or some other metric at your client's leisure, like added time delay, etc). Basically self-explanatory; you implement a call to your client's/your API to check the version and inform the user of a new one. The update can either be optional or mandatory (preferably announced by the API and changed when needed); present the user with an alert about it. The user acts upon it and you OTA install via an ITMS link provided by your API call. And that's it.
MDM. Tbh, I'm a bit on shaky ground here. Theoretically this is all possible via MDM too, however I am not sure if it is the (varying) MDM solutions or some misconfigurations, but clients usually seem to lose control after some time.
Both. Yes, you can perfectly well live with both. MDM while everything is fine, and as a backup a well structured App+API mechanism to push the OTA updates out. This is especially useful if you have customers where some departments are under MDM and others are not. So, some may get it via MDM (and if all else fails via the App itself), the rest will get it via the App.
The tradeoffs are a matter of personal preference. If there is a fully working MDM solution in place, the update will be pushed out and the user, however 'malicious', can do nothing against it. But the same is true for the 'App only' solution, as you have the option to not let him use the app if he does not update (either by not providing a cancel button or, as you are in an enterprise environment and there it is allowed, doing an exit(0)).
From experience I prefer any solution that has the 'App only' option as it is the last fallback if anything on client side fails. Whatever may be added on top is just sugar to the cake.
While not strictly relevant, the 'App only' solution always goes well with Push Notifications when an update came out.
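The 'App only' check described in this answer, sketched in Swift as an added example (not code from the answer or from any project it mentions). The JSON fields, the host `updates.example.com` and all type and function names are assumptions; the manifest URL is accepted only over HTTPS from a pinned host before it is turned into an ITMS install link.

```swift
import Foundation

// Constructed sample of an update API response (hypothetical schema).
let sampleResponse = """
{"latestVersion":"2.10.0","minimumVersion":"2.3.0",
"manifestURL":"https://updates.example.com/app/manifest.plist"}
""".data(using: .utf8)!

struct UpdateInfo: Decodable {
    let latestVersion: String
    let minimumVersion: String   // installs older than this must update
    let manifestURL: URL
}

enum UpdateDecision: Equatable {
    case upToDate, offer(URL), force(URL), rejected(String)
}

// Assumption: the hosts allowed to serve the manifest are fixed at build time.
let allowedManifestHosts: Set<String> = ["updates.example.com"]

func isOlder(_ a: String, than b: String) -> Bool {
    // .numeric compares digit runs as numbers, so "2.9.0" sorts before "2.10.0"
    return a.compare(b, options: .numeric) == .orderedAscending
}

func installLink(for manifest: URL) -> URL? {
    // Refuse anything that is not HTTPS from a pinned host.
    guard manifest.scheme == "https", let host = manifest.host,
          allowedManifestHosts.contains(host) else { return nil }
    var allowed = CharacterSet.urlQueryAllowed
    allowed.remove(charactersIn: "&=?+")
    guard let encoded = manifest.absoluteString
        .addingPercentEncoding(withAllowedCharacters: allowed) else { return nil }
    return URL(string: "itms-services://?action=download-manifest&url=\(encoded)")
}

func decide(installed: String, response: Data) -> UpdateDecision {
    guard let info = try? JSONDecoder().decode(UpdateInfo.self, from: response) else {
        return .rejected("unparseable response")
    }
    guard isOlder(installed, than: info.latestVersion) else { return .upToDate }
    guard let link = installLink(for: info.manifestURL) else {
        return .rejected("manifest URL is not HTTPS or its host is not allowed")
    }
    // Below the minimum supported version the alert gets no cancel button.
    return isOlder(installed, than: info.minimumVersion) ? .force(link) : .offer(link)
}

print(decide(installed: "2.9.1", response: sampleResponse))
```

In the app, `offer` and `force` would map to the optional and mandatory alerts, and the returned URL is what gets opened to start the OTA install.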

Automated Installation of Configuration Profile

We would like to allow our iPhone application users to access our secure and protected Wi-Fi hotspots, without having to manually download a configuration profile themselves. From my experience today, users have to either open an email with a profile attached, click on a link or have the app programmatically open up Safari in order to download a configuration profile. We’d like to avoid the users having to do anything at all.
To that end, does anyone know if it is possible to have a configuration profile installed automatically on a user’s iPhone, such as when the mobile application is downloaded from the App Store? Or is there another mechanism through which we could allow our iPhone users to gain access to our secure Wi-Fi hotspots?
Also, I am curious: does anyone know of any companies that have enabled such a solution?
(Note there is an older thread on this topic from 2010, which implies that this is not possible. Given it has now been 3 years and that we're on iOS 7, I would like to see if the capabilities of iOS have changed.)
There are four ways to deploy configuration profiles:
By physically connecting the device
In an email message
On a webpage
Using over-the-air configuration
More on this Document.

Is there a neat way to tell if iPhone/iPad has been set a passcode by user

I have asked this question long before.
I know it may be impossible, but as far as I know, 'Find my friends' has this feature and it works just so well, so I wonder if now there is a neat and legitimate way of doing that.
Just because Apple's Find My Friends app has a feature does not mean the API is publicly available. If this app is not an enterprise app, you can't use private APIs and have your app put on the App Store. If it is an enterprise app, you may want to look into setting up a configuration profile for the device. In order to access the VPN for my employer, I had to install a configuration profile (visible in Settings) that requires a passcode to be entered every time I unlock my iPad. Without that, I cannot VPN into their intranet. TestFlight uses a similar approach with profiles to register a device to receive builds. I would check out this link from Apple on setting up these sorts of profiles for enterprise applications: http://www.apple.com/iphone/business/resources/
There's no way to detect this programmatically from within an iPhone SDK-based application. If you need to, you should file an enhancement request with Apple at http://bugreporter.apple.com

Can an iPhone App Be Run as Root?

I am thinking about the design of an iPhone app I'd like to create. One possible problem is that this application will have to run as root (to access certain network ports). In a typical UNIX app, I'd just get the app to run with setuid, but I'm wondering if that is possible with an iPhone app.
I've read this question in Apple's forum, which is discouraging:
http://discussions.apple.com/thread.jspa?threadID=1664575
I understand that Apple wants to limit what a program can do, but there are plenty of good, legitimate reasons for a user to run a program with elevated privileges. I'm not trying to create a hacker tool here.
I'm sure I could get around this on a jail-broken iPhone, but that's not what I'm after. Is there any way to run an app with elevated privileges on an unbroken iPhone?
(BTW, there is no need to warn me about the NDA.)
Section 3.3.4 of the iPhone SDK Agreement suggests that you mustn't work outside your sandbox.
Given that Apple has been somewhat arbitrary on which applications they permit, you should definitely double-check with them before you start developing.
Compared to 2.0.x, the sandbox restrictions have actually increased in 2.1; you can no longer even read from another application's sandbox. So, even if it currently is possible to elevate your app's privileges, it very likely won't be in a future release.
The only options you have are
Run the application as root on the iPhone
Set the application's setuid bit and owner root.
I can't see any of them being blessed by Apple.
I guess it depends on what you want to do with the privileges, if you're lucky there might be more fine grained privileges available, but afaik you have to choose a port above 1024.
Doesn't matter one bit if you can do this on your normal desktop computer. The iPhone is not a normal desktop computer.
Unlike a desktop computer, the only way to get an application on the iPhone without a jailbreak is to get it from the App Store. The only way to get on the App Store is to follow Apple's rules, and Apple's rules clearly include "no privilege escalation", "no escaping the sandbox", and "no accessing network ports outside the existing, provided APIs".
What you want to do is not possible.