2.1.2 (Build 2)

Product Name: MDM+ V2.1.2 (Build: 2) GA

Valid on: 2023-09-18


New Features and Improvements





– XSD for ES and TPS Health Checks updated to prevent any possible issues with empty content validation

2.1.1 (Schemas only)


– Apple XSDs updated to support changes expected in iOS 17




– ES and TPS proxies now support the push of current health status to BEM for display on BEM Dashboard

– Added support for mapping proxy log files to the Host

– Added Apple iOS XSDs to support new BEM command for iOS: “Query Application Attributes”

– Updated multiple Apple iOS XSDs to support iOS Rapid Security Response releases

– Updated multiple Apple iOS JSDs and XSDs to support batching of licence requests for VPP applications

– Updated the HITMAN “DefaultApple.xsd” to remove an unused property

– Updated the Convex Agent “GetServerInfoResponse.xsd” to increase compatibility

– Updated Apple JSDs to allow for spaces in version numbers of VPP applications

– Fixed an issue in the HITMAN config.xml where validation could fail due to case sensitivity of expected paths


2.0.0 BETA


– Added support for using HITMAN as High Assurance Gateway

– In HITMAN mode APS, DPS and VPS proxies now respond in XML

– Added new XSDs for use with HITMAN

– Added “Application” zip files ready for upload to HITMAN

– Added XML format sample messages to the build package

– In HITMAN mode ECC signature information now crosses the High Assurance Gateway for verification by the BEM server

– Improved support for configuring tokens and certificates necessary for APS, DPS and VPS proxies by uploading into BEM server




– BCE-3346 – Fixed an issue where refresh DEP devices was failing due to cursor expiry after 7 days of inactivity.




– BCE-3334 – Updated XSD to add optional keys to support Apple’s Rapid security response.

– Update XSDs to support OS Update changes to “ProductKey”. Please refer to XSD change list for further details.




– BCE-3301 : Updated XSD to make ProductKey and ProductVersion optional when sending command to install iOS update

– Updated XSD to increase character limit and add accepted characters to “LocalizedDescription” regex when sending command to install iOS update

– Updated JSD to fix failures when validating the list of DEP-enrolled Devices returned by Apple


1.8.0 (Schemas only)


– Updated XSDs and JSDs to support changes to Apple serial numbers

– Updated XSD to support AppClip response in iOS 16




– Updated XSDs accept iOS Beta releases with numbers.

– Updated XSDs to support iOS Home Screen Configuration




– Updated XSDs to add support for the iOS Public and Developer OS Program, and to add support for very large updates, when scanning for latest iOS releases

– Updated XSDs to add additional support for iPadOS

– Updated XSDs to allow hyphens in Identifier when removing iOS applications

– BCE-3150 – Adjusted regex used in JSD which validates requests to define DEP Profiles for iOS devices




– Added new Health check API to each MDM Proxy which returns the current status to be displayed in BEM

– Added XSDs to support new BEM feature which scans for latest iOS versions available to devices and pushes out updates

– Added and updated XSDs to support new restriction limiting available iOS updates on the device to minor/major version upgrades

– – BCE-3077- Added ability to specify the value ‘Type’ for custom configurations in iOS application collections.

BEM Custom XSD generation was updated to support this.

– Removed AWSPSStatusResponse.json from the JSD package for Android as the message is no longer used.




– Updated Response Type when requesting plist for iOS Enterprise Applications

– Changed Response type when getting initial iOS configuration file, and added XSD for the XML returned




– Increased APNs message expiration value to 28 days. (Please note that it is still within the control of Apple when a request expires and so it may be sooner.)




– Added support for device certificate renewal for Android devices

– Added necessary certificates to maintain trust of Apple proxies

– APNS topic will be updated in BEM when APNS proxy status is queried

– Correctness Checker has been removed

– XSD updates




– Build versions are now used to determine if an iOS enterprise app needs to be upgraded




– Migrated framework to .NET core 3.1

– APS performance improvements

– Traffic between BEM and the APS/DPS/VPS proxies (Apple), or AWSPS proxy (Android), may now optionally be set to use https

– XSD updates for iOS 14

– New JSDs added for Android




– Added support for Android MDM+




– Added support for Enterprise iOS applications.




– DeviceInfoAck XSD has been altered to work with the latest iOS Devices.

– Docker YAML sample file has also been restructured to include WAFs.

– iOS 13 has been tested and is supported.




– TPS and ES now support the use of a SSL certificates issued by a SubCA aswell as a CA.




– iOS Apps can now be configured using key-value pairs within the App Collections. XSDs can be exported from the Collections page in BEM Web and added to the HAG.

– New XSD created to support Personal Hotpot functionality.




– New Sample JSON Schema Definitions have been provided to define the traffic moving between the MDM server and APS, VPS and DPS proxies.

– RequestProfile XSD has been altered to make the IMEI/MEID fields optional to provide support for non cellular devices.

– InstalledApplicationAck XSD altered to match when the device has no apps installed.

– DeviceInfo XSD has also been altered to increase the range on the battery level to match when it is at 100%.




– Content type for TPS traffic has been changed from “text\plain” to “application\xml”.




– DEP Api Changes. Define Profile: Four new values added to skip_setup_items. Check the updated documentation to see any changes.

– XSDs have been added for “Device name change” and “Turn on bluetooth” commands.

– XSD for DeviceSettingsChangeAck has been updated for bluetooth command.




– Moved to .NET Core 2.1




– Added TPS to translate messages from plist xml to standard xml




Minor bug fixes




Added support for ECC




First Beta release of MDM+ which enables a Tier 2 deployment of BEM to manage iOS devices in accordance with architectural principles defined by NCSC.



**NOTE: For detail of changes to XSDs and JSDs between versions please check ‘XSD and JSD Changelog.txt’ included in the release




Known Issues


– If an iOS device with only Wi-Fi connectivity available has been placed into Lost Mode and then subsequently powered off, it may not be possible to disable Lost Mode again. This is because although the device is powered on again it may not be possible to start Wi-Fi without unlocking the screen.





– see Becrypt “MDM+ for BEM Guide”

– see documentation





– As a containerised, stateless deployment there are no upgrades per se.



Supported Operating Systems


– Any OS supporting Docker version 1.13.x or newer with docker secrets.

– iOS 16.6.1



Interoperability with other products


– compatible with BEM 9.1.2



Supported End User Devices


– see documentation for BEM 9.1.2







– 0345 838 2070



We're here to help

Please Contact us

general enquiries

+44 (0) 845 8382050


+44 (0) 345 8382070

Join Our Newsletter

Receive our latest blog posts directly in your inbox!