Apple Endpoint Management & User Services.txt

# Use Apple products on enterprise networks
# https://support.apple.com/en-us/HT210060
# kbase last updated on May 18, 2023
#
# If your Apple devices aren't getting Apple push notifications
# https://support.apple.com/en-us/HT203609
# 
# Prepare Your Network or Web Server for iCloud Private Relay
# https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay/
# 
# https://init.itunes.apple.com/bag.xml
# 
# https://captivebehavior.wballiance.com
#
# https://github.com/bradtchapman/jnuc2019


# Last edit: 20231209

_Hostnames_
#  Wildcards and prime top domain roots
*-buy.itunes.apple.com
*-u.itunes.apple.com
*.aaplimg.com
*.appattest.apple.com
*.apple-cloudkit.com
*.apple-livephotoskit.com
*.apps.apple.com
*.apzones.com
*.business.apple.com
*.cdn-apple.com
*.gc.apple.com
*.icloud-content.com
*.icloud.apple.com
*.icloud.com
*.icloud.com.cn
*.itunes.apple.com
*.iwork.apple.com
*.mzstatic.com
*.phobos.apple.com
*.phobos.itunes-apple.com.akadns.net
*.push.apple.com
.*itunes.apple.com\/(enroll|audit)\/(.*)
.*itunes.apple.com\/audit.*
.*itunes.apple.com\/WebObjects\/LZDirectory.woa\/ra\/.*|/directory\/courses\/.*\/feed
.apay.apple.com
.apple.com.edgesuite.net
.apple.news
.asia.apple.com
.corp.apple.com
.euro.apple.com
.icloud.com
.ips.apple.com
.itunes.apple.com
.itunes.com
.mzstatic.com
.news-assets.apple.com
.news.apple.com
.phobos.apple.com
.podcasts.apple.com
.prz.apple.com
.rtlcdn.apple.com


RegEx that should work for wildcard domains, at least for hostnames with letters, numbers, dash or period at the head of the name: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9])\.)example.com

# Domains to match with regex if you can in order to catch all the options
activateiphone[0-9]{1,3}.apple.com
e.g.: 
 • activateiphone1.apple.com
 • activateiphone10.apple.com
 • activateiphone2.apple.com
 • activateiphone3.apple.com
 • activateiphone4.apple.com
 • activateiphone5.apple.com
 • activateiphone6.apple.com
 • activateiphone7.apple.com
 • activateiphone8.apple.com
 • activateiphone9.apple.com

buyiphone[0-9]{1,3}.apple.com
e.g.: 
 • buyiphone1.apple.com
 • buyiphone2.apple.com
 • buyiphone3.apple.com
 • buyiphone4.apple.com
 • buyiphone5.apple.com
 • buyiphone6.apple.com

[0-9]{1,3}-courier.push.apple.com
e.g.: 
 • 19-courier.push.apple.com
 • 26-courier.push.apple.com
 • 41-courier.push.apple.com
 • 44-courier.push.apple.com

gspe[0-9]{1,3}-ssl.ls.apple.com
e.g. 
	• gspe1-ssl.ls.apple.com
	• gspe24-ssl.ls.apple.com
	• gspe35-ssl.ls.apple.com

a(0?0?0?[1-9]|0?0?[1-9][0-9]|0?[1-9][0-9][0-9]|1[0-9][0-9][0-9]|2000)[.]phobos[.]apple[.]com
e.g.: 
 • a568.phobos.apple.com

b(0?0?0?[1-9]|0?0?[1-9][0-9]|0?[1-9][0-9][0-9]|1[0-9][0-9][0-9]|2000)[.]phobos[.]apple[.]com
e.g.: 
 • b568.phobos.apple.com

# Rest of the domains and base domain name in the regex sublist, e.g. phobos.apple.com
a1.v.phobos.apple.com
ab2-so.apple.com
activateiphone.apple.com
agreements-it.apple.com.cn
agreements-ita.apple.com
agreements-itb.apple.com
agreements-pilot.apple.com
agreements-pilot.apple.com.cn
agreements-uata.apple.com
agreements-uatb.apple.com
agreements-uatb.apple.com.cn
agreements.apple.com
agreements.apple.com.cn
aiusw.apple.com
albert-so.apple.com
albert.apple.com
amp-account.itunes.apple.com
amp-api-edge.apps.apple.com
amp-api-edge.music.apple.com
amp-api-preview.apps.apple.com
amp-api-search-edge.apps.apple.com
amp-api-search.apps.apple.com
amp-api.apps.apple.com
amp-api.books.apple.com
amp-api.fitness.apple.com
amp-api.media.apple.com
amp-api.music.apple.com
amp-api.podcasts.apple.com
amp-api.sandbox.apple.com
amp-api.shazam.apple.com
amp-api.videos.apple.com
amp.shazam.com
amsui.apple.com
apay.apple.com
api-edge.apps.apple.com
api-glb-syd.smoot.apple.com
api.apple-cloudkit.com
api.apps.apple.com
api.books.apple.com
api.development.push.apple.com
api.fitness.apple.com
api.music.apple.com
api.podcasts.apple.com
api.push.apple.com
api.shazam.apple.com
app-site-association.cdn-apple.com
app-site-association.networking.apple
appldnld.apple.com
appldnld.apple.com.edgesuite.net
apple-finance.query.yahoo.com
apple.com.edgesuite.net
apple.news
appleid.apple.com
appleid.cdn-apple.com
apps.apple.com
apps.mzstatic.com
appsto.re
asia.apple.com
attwifi.apple.com
audiocontentdownload.apple.com
axm-adm-enroll.apple.com
axm-adm-mdm.apple.com
axm-adm-scep.apple.com
axm-app.apple.com
books.apple.com
bpapi.apple.com
buy.itunes.apple.com
buyiphone.apple.com
c.itunes.apple.com
captive.apple.com
cdn.shazam.com
certs.apple.com
cf.iadsdk.apple.com
client-api.itunes.apple.com
configuration.apple.com
configuration.ls.apple.com
corp.apple.com
courier.push.apple.com
crl.apple.com
crl.entrust.net
crl3.digicert.com
crl4.digicert.com
cssubmissions.apple.com
daf.xp.apple.com
deimos.apple.com
deimos2.apple.com
deimos3.apple.com
deviceenrollment.apple.com
deviceservices-external.apple.com
devimages-cdn.apple.com
diagassets.apple.com
doh.dns.apple.com
download.developer.apple.com
downloaddispatch.itunes.apple.com
du-fuse.itunes.apple.com
du.itunes.apple.com
dzc-metrics.mzstatic.com
euro.apple.com
fba.apple.com
gdata.youtube.com
gdmf.apple.com
genius.itunes.apple.com
gg.apple.com
gnf-mdn.apple.com
gnf-mr.apple.com
gs.apple.com
gsa.apple.com
guzzoni.apple.com
help.apple.com
homesharing.itunes.apple.com
humb.apple.com
iadsdk.apple.com
icloud.com
identity.apple.com
idmsa.apple.com
ig.apple.com
init.itunes.apple.com
init.push.apple.com
iprofiles.apple.com
ips.apple.com
isu.apple.com
itunes.apple.com
itunes.com
itunesconnect.apple.com
itunesu.itunes.apple.com
lcdn-locator.apple.com
lcdn-registration.apple.com
linear.tv.apple.com
mask-api.icloud.com
mask-h2.icloud.com
mask.icloud.com
mdmenrollment.apple.com
mensura.cdn-apple.com
mesu.apple.com
metrics.mzstatic.com
music.apple.com
my.itunes.apple.com
myapp.itunes.apple.com
mzstatic.com
mzsupport.apple.com
news-assets.apple.com
news.apple.com
ns.itunes.apple.com
nwk-unbrick3.apple.com
ocsp.apple.com
ocsp.digicert.cn
ocsp.digicert.com
ocsp.entrust.net
ocsp.verisign.net
ocsp2.apple.com
one.apple.com
oscdn.apple.com
osrecovery.apple.com
p1-u.itunes.apple.com
p2-u.itunes.apple.com
partiality.itunes.apple.com
payments.apple.com
pds-init-prod.ess.apple.com
pds-init.ess.apple.com
phobos.apple.com
play-edge.itunes.apple.com
play.itunes.apple.com
playgrounds-assets-cdn.apple.com
playgrounds-cdn.apple.com
podcasts.apple.com
ppq.apple.com
prz.apple.com
radarsubmissions.apple.com
register.appattest.apple.com
rtlcdn.apple.com
s.mzstatic.com
sb.music.apple.com
sb.tv.apple.com
sc.itunes.apple.com
se-edge.itunes.apple.com
se.itunes.apple.com
se2.itunes.apple.com
search.itunes.apple.com	
secure.me.com
securemetrics.apple.com
serverstatus.apple.com
setup.icloud.com
sf-api-token-service.itunes.apple.com
sitemanager.itunes.apple.com
skl.apple.com
sp.itunes.apple.com
sq-device.apple.com
static.ips.apple.com
storepreview.apple.com
su.itunes.apple.com
suconfig.apple.com
support-uat.apple.com
support.apple.com
support.mac.com
swcdn.apple.com
swcdnlocator.apple.com
swdist.apple.com
swdownload.apple.com
swlocator.apple.com
swpost.apple.com
swscan.apple.com
sylvan.apple.com
sync.itunes.apple.com
tbsc.apple.com
ticketing.apple.com
time-ios.apple.com
time-macos.apple.com
time.apple.com
token.safebrowsing.apple
tv.apple.com
updates-http.cdn-apple.com
updates.cdn-apple.com
upload.appleschoolcontent.com
upp.itunes.apple.com
userpub.itunes.apple.com
uts-api-internal.itunes.apple.com
valid.apple.com
vertexsmb.com
vpp.itunes.apple.com
ws-ee-maidsvc.icloud.com
www.airport.us
www.apple.com
www.appleiphonecell.com
www.ibook.info
www.itools.info
www.thinkdifferent.us
xp-cdn.apple.com
xp.apple.com


_IPs_
17.188.128.0/18
17.188.20.0/23
17.248.128.0/18
17.248.192.0/19
17.249.0.0/16
17.250.64.0/18
17.252.0.0/16
17.57.144.0/22
2403:300:a42::/48
2403:300:a51::/48
2620:149:a44::/48
2a01:b740:a42::/48


_Specific Service URLs_
http://a1.v.phobos.apple.com/us/r1000/000/Diag/STEM_hd.m4v
http://a1.v.phobos.apple.com/us/r1000/000/Diag/STEM_hd.m4v?no-store=true
http://a568.phobos.apple.com/us/r1000/000/Diag/test_8MB.m4v
http://a568.phobos.apple.com/us/r1000/000/Diag/test_8MB.m4v?no-store=true
https://apps.apple.com/us/app/id364709193
https://apps.mzstatic.com/
https://buy.itunes.apple.com/
https://c.itunes.apple.com/WebObjects/MZConnections.woa/wa/createIMix
https://client-api.itunes.apple.com/WebObjects/MZStorePlatform.woa/wa
https://client-api.itunes.apple.com/WebObjects/MZStorePlatform.woa/wa/lookup
https://daf.xp.apple.com/report
https://du-fuse.itunes.apple.com/upload/rich-post-audio
https://du-fuse.itunes.apple.com/upload/rich-post-image
https://du-fuse.itunes.apple.com/upload/rich-post-video
https://gdata.youtube.com/
https://genius.itunes.apple.com/
https://homesharing.itunes.apple.com/
https://itunes.apple.com/
https://itunesu.itunes.apple.com
https://metrics.mzstatic.com/
https://music.apple.com/us/post
https://my.itunes.apple.com
https://myapp.itunes.apple.com/
https://partiality.itunes.apple.com
https://s.mzstatic.com/static
https://se-edge.itunes.apple.com
https://se2.itunes.apple.com
https://search.itunes.apple.com	
https://sf-api-token-service.itunes.apple.com/apiToken
https://sitemanager.itunes.apple.com/WebObjects/DZStudio.woa/wa/getFeedInfo
https://sp.itunes.apple.com
https://support.apple.com
https://sync.itunes.apple.com/BDSync/sync
https://upp.itunes.apple.com
https://userpub.itunes.apple.com
https://www.apple.com/education/itunes-u/
https://www.apple.com/legal/itunes/ww/
https://xp.apple.com