From f878dea98fb88293a3686e44bcfb891f8e78f98f Mon Sep 17 00:00:00 2001 From: Cyrus Daboo Date: Mon, 8 Dec 2025 12:44:36 -0500 Subject: [PATCH] Release-v26.2 --- README.md | 16 +++++---------- docs/errata.md | 6 ++++++ mdm/commands/application.remove.yaml | 2 +- ...pple.TCC.configuration-profile-policy.yaml | 4 +++- mdm/profiles/com.apple.extensiblesso.yaml | 12 +++++++++++ other/machineinfo.yaml | 20 +++++++++++++++++++ other/skipkeys.yaml | 14 +++++++++++++ 7 files changed, 61 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index b041f50..d0ac4ef 100644 --- a/README.md +++ b/README.md @@ -8,17 +8,11 @@ This release corresponds to the following OS versions | OS | Version | |----------|---------| -| iOS | 26.1 | -| macOS | 26.1 | -| tvOS | 26.1 | -| visionOS | 26.1 | -| watchOS | 26.1 | - -## Important Release Notes - -### Declarative device management related status - -Declarative device management configuration schema now includes a `related-status-items` key to show the relationship between status items and configurations. +| iOS | 26.2 | +| macOS | 26.2 | +| tvOS | 26.2 | +| visionOS | 26.2 | +| watchOS | 26.2 | ## What's Available diff --git a/docs/errata.md b/docs/errata.md index 6d811f1..73ea487 100644 --- a/docs/errata.md +++ b/docs/errata.md @@ -2,6 +2,12 @@ This document lists errata for the YAML schema. This is used when older versions of the schema are incorrect, and a fix was made in later schema to correct the problem. +## macOS 26.2 + +### mdm/commands/remove-application.yaml + +The `remove-application` command was incorrectly marked as disallowed on user enrollments on macOS. It is allowed on user enrollments. + ## iOS 26.1 / tvOS 26.1 ### mdm/profiles/com.apple.homescreenlayout.yaml diff --git a/mdm/commands/application.remove.yaml b/mdm/commands/application.remove.yaml index 0f412dc..4b012ae 100644 --- a/mdm/commands/application.remove.yaml +++ b/mdm/commands/application.remove.yaml 
@@ -22,7 +22,7 @@ payload: supervised: false requiresdep: false userenrollment: - mode: forbidden + mode: allowed tvOS: introduced: '10.2' accessrights: AllowAppInstallation diff --git a/mdm/profiles/com.apple.TCC.configuration-profile-policy.yaml b/mdm/profiles/com.apple.TCC.configuration-profile-policy.yaml index 28cc739..80a2a9c 100644 --- a/mdm/profiles/com.apple.TCC.configuration-profile-policy.yaml +++ b/mdm/profiles/com.apple.TCC.configuration-profile-policy.yaml @@ -155,7 +155,9 @@ payloadkeys: - key: Accessibility type: presence: optional - content: Specifies the policies for the app via the Accessibility subsystem. + content: Specifies the policies for the app via the Accessibility subsystem. The + ability to grant access by this profile is deprecated as of macOS 26.2, and + will be removed in macOS 27.0. subkeytype: Identity subkeys: *id001 - key: PostEvent diff --git a/mdm/profiles/com.apple.extensiblesso.yaml b/mdm/profiles/com.apple.extensiblesso.yaml index 738b352..aafe57b 100644 --- a/mdm/profiles/com.apple.extensiblesso.yaml +++ b/mdm/profiles/com.apple.extensiblesso.yaml @@ -361,6 +361,18 @@ payloadkeys: - `com.apple.security.pkcs12` - `com.apple.security.acme` - `com.apple.security.scep` + - key: AccessKeyReaderIssuerCertificateUUID + supportedOS: + macOS: + introduced: '26.2' + type: + presence: optional + content: The `PayloadUUID` of a certificate payload for the issuer certificate + of the `Terminal` identity of the access key. Other specifications refer to + the key as the "Reader CA Public Key". The key must be an elliptic curve key. + Required if `NewUserAuthenticationMethods` includes `AccessKey`. The issuer + of the Terminal identity of the access key needs to match this certificate, + otherwise the device fails the authentication. - key: AllowAccessKeyExpressMode supportedOS: macOS: diff --git a/other/machineinfo.yaml b/other/machineinfo.yaml index 43b6820..897f5c9 100644 --- a/other/machineinfo.yaml +++ b/other/machineinfo.yaml 
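Review bot: The errata entry this commit adds to docs/errata.md is headed `mdm/commands/remove-application.yaml`, but the file changed here is `mdm/commands/application.remove.yaml`, so a reader following the errata will not find the path. The heading should read `### mdm/commands/application.remove.yaml`. Separately, changing `userenrollment: mode` to `allowed` widens what a server may send to a user-enrolled Mac. The block appears to be the macOS one because `tvOS:` follows, though its start is outside the hunk. A sentence in the command's description on which apps it can act on under user enrollment would help anyone reviewing BYOD policy.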
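Review bot: The deprecation added to the `Accessibility` description exists only as prose, so tooling that reads the schema cannot warn an administrator who still ships an allow entry for this service. The phrase "the ability to grant access" also leaves open whether denying Accessibility through this profile stays supported after macOS 27.0. If it does, a sentence such as `Denying access by this profile remains supported.` would remove the ambiguity. The `subkeys: *id001` alias suggests the identity subkeys are shared with other services, so the restriction presumably cannot be expressed on a subkey without affecting them.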
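Review bot: `AccessKeyReaderIssuerCertificateUUID` is declared `presence: optional` while its description says it is required when `NewUserAuthenticationMethods` includes `AccessKey`. A schema validator will therefore accept a profile that enables access-key authentication without the issuer certificate that the reader's `Terminal` identity is checked against. The description covers an issuer mismatch but not what the device does when the key is absent, and it should say so. The word "key" also refers in turn to the access key, the issuer's public key and a required elliptic curve key; `The certificate's public key must be an elliptic curve key.` would be unambiguous.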
@@ -211,6 +211,26 @@ payloadkeys: If `true`, indicates that the server can trigger the device to do a required Platform SSO authentication before enrolling. Available on macOS 26 and later. +- key: MANDATORY_SOFTWARE_UPDATE_REQUIRED + title: Mandatory software update is required + supportedOS: + iOS: + introduced: n/a + macOS: + introduced: '26.1' + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: false + content: |- + If `true`, indicates that the device requires a mandatory software update during Setup Assistant. The MDM server can return a 403 with a `ErrorCodeSoftwareUpdateRequired` error to force the device to update to a specific version instead of the device choosing a version. + + Available on macOS 26.1 and later. notes: - title: '' content: This dictionary is CMS-signed with the device identity certificate. The diff --git a/other/skipkeys.yaml b/other/skipkeys.yaml index f755afc..89b8df9 100644 --- a/other/skipkeys.yaml +++ b/other/skipkeys.yaml @@ -51,6 +51,20 @@ payloadkeys: type: presence: optional content: The key to skip the Action Button configuration pane. +- key: AgeAssurance + title: Skip Age Assurance pane + supportedOS: + iOS: + introduced: '26.2' + macOS: + introduced: n/a + tvOS: + introduced: n/a + visionOS: + introduced: n/a + type: + presence: optional + content: The key to skip the Age Assurance pane. - key: AgeBasedSafetySettings title: Skip Age Based Safety Settings pane supportedOS:
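Review bot: `MANDATORY_SOFTWARE_UPDATE_REQUIRED` is marked `introduced: '26.1'` but first appears in this 26.2 release, and the docs/errata.md change in the same commit does not record that the 26.1 schema lacked it. If the key did ship in macOS 26.1, an errata entry for `other/machineinfo.yaml` under a macOS 26.1 heading would keep the record consistent. In the description, "a `ErrorCodeSoftwareUpdateRequired` error" should read "an `ErrorCodeSoftwareUpdateRequired` error". Because the server's 403 decision depends on this device-supplied value, the description could also remind implementers to read it only after verifying the CMS signature that the file's `notes` entry mentions.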
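Review bot: The `AgeAssurance` description says only that the pane is skipped, not what state the device is left in afterwards. Unlike a cosmetic pane, age assurance looks like a control an organisation may need to account for, so `content` should say whether skipping defers the step or leaves it unconfigured. I cannot tell which from the hunk.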