Return to Service

Overview

Return to service is a feature released by Apple in iOS 17, as a part of the Device Wipe commands already available. It allows for a device to retain a wifi profile while completely wiping all other data. In the past, wiped devices required human interaction to connect them to wifi upon the next setup. With Return to Service that is no longer a requirement. Devices can now be wiped and sent through the setup assistant with no human interaction at all.

Requirements

You can view an in depth description of the keys available for this command from Apple here

The available keys for this workflow are:

enabled - This must be set to True in order to utilize Return to Service

WiFiProfileData- a base64 encoded Wifi profile must be provided in the call, assuming that the device is not attached via ethernet. You can base64 encode a profile utilizing the following command:

base64 < "$PathToProfile"

MDMProfileData- This is not required if the device is enrolled through Automated Device Enrollment. Only utilize key if the device is enrolled through a separate method (User initiated enrollment for example)

Example

Documentation for the necessary endpoint can be found here

Below is an example body for the return to service command:

#!/bin/bash

curl --request POST \
--url "$url"/api/v2/mdm/commands \
--header  "Authorization: Bearer $access_token" \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
	"clientData": [
		{
			"managementId": "b3b2ba67-1632-4eaf-bd1c-885a34fa456a"
		}
	],
	"commandData": {
		"commandType": "ERASE_DEVICE",
		"returnToService": {
			"enabled": true,
			"wifiProfileData": "'$base64wifi'"
		}
	}