With the latest Apple beta releases available for testing, I wanted to bring on-premises customers attention to the important networking changes coming in the fall release.
In addition to manageability and user interface changes, the Apple fall release also includes behind-the-scenes changes that ensure future platform stability.
VMware encourages any administrators for on-premises Workspace ONE Unified Endpoint Management (UEM) systems to validate their readiness for the network changes outlined in this post.
Networks Changes Specific to Fall Release
This fall, Apple is migrating the mdmenrollment.apple.com URL to new networking infrastructure. As a result, the IP resolution changes for mdmenrollment.apple.com will include a broader range of IP addresses.
Therefore, you must ensure there are no connectivity issues to mdmenrollment.apple.com. In addition to the current ACLs, verify connectivity from your Workspace ONE servers to the following IP ranges:
- 248.128.0/17
- 248.192.0/19
- 2620:149:a40::/46
- 2a01:b740:a41::/48
- 2403:300:a41::/48
- 2403:300:a50::/48
Potential Impacts on Workspace ONE UEM
The mdmenrollment.apple.com URL is the Apple API endpoint used by Workspace ONE UEM to interact with Apple Business Manager and Apple School Manager. For that reason, failing to validate readiness for these changes could impact the following functionality:
- Fetching/syncing devices eligible for automated device enrollment
- Working with automated device enrollment profiles
- Class, Roster, and Location sync for Apple School Manager