locked
[Windows Phone 8.1 MDM] Can not disable Store apps via MDM RRS feed

  • Question

  • I am trying to Block apps using MDM Protocol via Syncml. I am using the same example mentioned in the MDM Protocol document. I observe that the App restriction Deny command is successful with 200 yet the Apps that I block are actually not blocked.

    Here is the Syncml Request:-

    <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>
    <SessionID>66</SessionID>
    <MsgID>2</MsgID>
    <Target>
    <LocURI>urn:uuid:xxxxxxxxxxxxxxxxxxxxxxxx</LocURI>
    </Target>
    <Source>
    <LocURI>https://xxxxxxxxxxxxxxx</LocURI>
    </Source>
    <Cred>
    <Meta>
    <Format xmlns="syncml:metinf">b64</Format>
    <Type xmlns="syncml:metinf">syncml:auth-md5</Type>
    </Meta>
    <Data>ypm1x8qHvRU8rwjIJxsJrA==</Data>
    </Cred>
    </SyncHdr>
    <SyncBody>
    <Status>
    <CmdID>1</CmdID>
    <MsgRef>2</MsgRef>
    <CmdRef>0</CmdRef>
    <Cmd>SyncHdr</Cmd>
    <Data>212</Data>
    <TargetRef>https://xxxxxxxxxxxxxxxxxx</TargetRef>
    <SourceRef>urn:uuid:xxxxxxxxxxxxxxxxxx</SourceRef>
    </Status>
    <Replace>
    <CmdID>2</CmdID>
    <Item>
    <Target>
    <LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
    </Target>
    <Meta>
    <Format xmlns="syncml:metinf">chr</Format>
    <Type xmlns="syncml:metinf">text/plain</Type>
    </Meta>
    <Data>
    <![CDATA[<AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy"> <Deny> <!-- Deny App - Bing News --> <App ProductId="{9c3e8cad-6702-4842-8f61-b8b33cc9caf1}" /> <!-- Deny App - Skype --> <App ProductId="{c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51}" /> </Deny> </AppPolicy>]]></Data>
    </Item>
    </Replace>
    <Final/>
    </SyncBody>
    </SyncML>


    =================================

    Here is the Syncml response:-

    <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>
    <SessionID>66</SessionID>
    <MsgID>3</MsgID>
    <Target>
    <LocURI>https://xxxxxxxxxxxxxxxxxxx</LocURI>
    </Target>
    <Source>
    <LocURI>urn:uuid:xxxxxxxxxxxxxxxxxxxxxx</LocURI>
    </Source>
    </SyncHdr>
    <SyncBody>
    <Status>
    <CmdID>1</CmdID>
    <MsgRef>2</MsgRef>
    <CmdRef>0</CmdRef>
    <Cmd>SyncHdr</Cmd>
    <Chal>
    <Meta>
    <Format xmlns="syncml:metinf">b64</Format>
    <Type xmlns="syncml:metinf">syncml:auth-md5</Type>
    <NextNonce xmlns="syncml:metinf">mznIrgPKLI/vkfiKB3o+tjEFhnRm4NDsX0cyeZ4K8vE=</NextNonce>
    </Meta>
    </Chal>
    <Data>212</Data>
    </Status>
    <Status>
    <CmdID>2</CmdID>
    <MsgRef>2</MsgRef>
    <CmdRef>2</CmdRef>
    <Cmd>Replace</Cmd>
    <Data>200</Data>
    </Status>
    <Final/>
    </SyncBody>
    </SyncML>


    I am still able to use Skype application. Could anybody help me here ? Tried it on both device and emulator. The behavior is the same.

    -Bipin

    Friday, August 8, 2014 6:01 AM

All replies

  • Have you configured any other app related settings on the target devices?  ...like the assigned access settings?

    Have you tried removing any unnecessary characters like comments, spaces, and CR/LF?

    Have you checked the raw binary of the payload to look for characters which may not show up in a Unicode aware text viewer?


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Friday, August 8, 2014 9:28 PM
  • 1. Queried the Assigned Access Xml and got 404 which means the device is not having this setting already. Its a fresh device.

    2. CR/LF characters are all knocked off in the <Data> payload.

    3. There are no extra characters in the payload. Even tried converting the payload string to UTF8.

    The device responds with 200 and if at all something is wrong in the payload, it readily responds with Atomic 507.

    --DFriend

    Saturday, August 9, 2014 7:40 AM
  • Same for me Eric. It is not working.

    I am down to this basic payload.

    <![CDATA[<AppPolicy><Deny><App ProductId="{c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51}"/></Deny></AppPolicy>]]>

    Tried text to binary and binary to unicode as you suggested. I couldn't find anything bad.

    Kindly look into this.

    -Bipin

    Saturday, August 9, 2014 7:53 AM
  • Eric,

    I haven't been able to make it work whole day, have tried all the permutations, kindly look the payload I posted earlier and let me know if there's anything wrong.

    -Bipin

    Sunday, August 10, 2014 1:43 PM
  • We are running into this issue too. The sample given in mdm protocol doc is not working at all.

    Is this device firmware issue?

    Monday, August 11, 2014 11:54 AM
  • Can you outline the steps you are using for this test?

    Have you tried any variation in your test steps?  (...other than changing the SyncML payload.)

    Is the application running, or in the back-stack, at the time you sent the policy?

    If you uninstall the app, either before or after setting the policy, can you then re-install the app? (...after setting the policy.)


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Monday, August 11, 2014 4:02 PM
  • I don't see anything wrong with your XML but ...Does it make any difference if you wrap the Replace command with: <Atomic></Atomic>?

    Update: 
      ...Actually your inner XML appears to be missing: <xml version="1.0" encoding="utf-8">

    can you try this:

    <Data><Data>&lt;?xml version=&quot;1.0&quot;encoding=&quot;utf-8&quot;?&gt;&lt;AppPolicy  Version=&quot;1&quot;xmlns=&quot;http://schemas.microsoft.com/phone/2013/policy&quot;&gt;&lt;Deny&gt;&lt;App ProductId=&quot;9c3e8cad-6702-4842-8f61-b8b33cc9caf1&quot;/&gt;&lt;App ProductId=&quot;c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51&quot;/&gt;&lt;/Deny&gt;&lt;/AppPolicy&gt;</Data></Data>
    note: make sure it's all one line, no line-breaks.


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.


    • Edited by Eric Fleck Wednesday, August 13, 2014 10:07 PM
    Wednesday, August 13, 2014 9:34 PM