In Xcode, under Signing & Capabilities (Release) for our bundle ID the selected provisioning profile does include the entitlement: com.apple.developer.payment-pass-provisioning However, when we upload a new build to TestFlight, the Build Metadata → Entitlements section for the same bundle ID does not include com.apple.developer.payment-pass-provisioning. Because of this, PKAddPaymentPassViewController does not open in TestFlight builds. This suggests that while the entitlement is enabled for the App ID and visible in Xcode, it may not yet be propagated to App Store Connect’s signing service for TestFlight/App Store builds. Please Note: The Wallet Entitlements team had confirmed that they had granted entitlements for our team and the apple IDs Xcode : 26.0.1 Profile being used: Distribution Profile

Hi everyone, I am attempting to generate an Ad Hoc provisioning profile for my iOS app that includes MusicKit capabilities, but the generated .mobileprovision file consistently lacks the required entitlement, despite the configuration appearing correct in the developer portal. The Issue: I have enabled MusicKit under the "App Services" tab for my App ID. I have saved this configuration, verified it is checked in the UI, and then regenerated and downloaded my provisioning profile. However, when I inspect the internal contents of the .mobileprovision file, the Entitlements dictionary does not contain the com.apple.developer.music-kit key. It only contains the standard keys (Team ID, App ID, etc.). Steps Taken: Created a brand new App ID to rule out legacy data issues. Explicitly enabled "MusicKit" under the App Services tab for this new identifier. Created a fresh Ad Hoc Distribution profile linked to this new ID. Downloaded the profile and inspected the file structure: the MusicKit entitlement is completely absent. Attempted toggling the service off and on, saving, and regenerating the profile multiple times. Has anyone experienced a specific bug where "App Services" (like MusicKit) fail to propagate to the Provisioning Profile generator? Is there a secondary "Capability" (e.g., Media Library) that must also be enabled to trigger the inclusion of the MusicKit entitlement? Any guidance would be appreciated.

Hi Apple Developer Support, We are reaching out to request guidance on a testing constraint we have encountered related to iOS Universal Links and Associated Domains entitlements. As part of aligning with updated recommendations from our authentication provider, we have transitioned our mobile apps to use HTTPS redirect callbacks (Universal Links) instead of custom URI schemes. This works as expected in production and on real physical devices. However, we are encountering a significant issue in our cloud-based device testing environment. When our testing platform re-signs the app to run it on their infrastructure, the re-signing process strips the Associated Domains entitlement from the app bundle. As a result, iOS no longer honors our Universal Links, which breaks the authentication redirect flow — the callback cannot route back into the app after the user authenticates. We have identified a potential workaround that would involve disabling app re-signing in the testing platform, but this requires provisioning under an Apple Enterprise Developer account. This introduces considerable operational complexity, as it would require us to maintain separate signing and distribution paths alongside our existing Apple Developer Program membership. Before pursuing that path, we wanted to understand Apple's perspective on the following: Is there a supported or recommended approach for preserving Associated Domains entitlements when an app is re-signed by a third party (e.g., a cloud testing platform)? Are there any provisioning or entitlement configurations that would allow Universal Links to function correctly in re-signed builds without requiring an Enterprise Developer account? Does Apple have documented best practices for validating Universal Link–based flows in automated or cloud-based testing environments? Are there any alternative deep linking patterns that would be more resilient to re-signing while still meeting App Store and platform security requirements? Any guidance or recommendations from Apple on how to handle this within the bounds of the standard Apple Developer Program would be greatly appreciated. Thank you for your time.

We have an app with the default email entitlement that was granted several years ago. During our latest deployment, we received an error from our pipeline. When testing a manual submission in Xcode, we saw this error: Entitlement com.apple.developer.mail-client not found and could not be included in profile. This likely is not a valid entitlement and should be removed from your entitlements file. We checked the provisioning profile, and the default email entitlement is still present. It is visible on the certificate portal and also in the embedded.mobileprovision file. Can you suggest what we can do to release a new version of our app?

Question based on the https://developer.apple.com/forums/thread/649172 What is the mechanics of using this entitlement? What should be done in the UNNotificationServiceExtension in order to prevent the display of a notification for the user? Just pass an empty UNNotificationContent object to contentHandler or something else?

I'm working on a system extension leveraging endpoint security entitlement. However, while in development, is there a way to continue working and testing locally without having the endpoint security entitlement approved or needing the extension signed. I got these errors running a build: Provisioning profile "Mac Team Provisioning Profile: "com.xxxxx.extension" doesn't include the com.apple.developer.endpoint-security.client entitlement.

Hello everyone can you help me, i have requested main camera access API Enterprise and have got the license to, and i have setting up the project main camera access demo from apple with my new license and have create app bundle and identifier for it but when i tried to deploy it test flight i got some error say "Profile doesn't support Main Camera Access" and "Profile doesn't include the com.apple.developer.arkit.main-camera-access.alow entitlement, even have do it it app Certificates, Identifiers & Profiles and add the additional capability Main Camera Access. can you help me fixing this so that i can use Main Camera Access Entitlement

We had an issue with IDrive Online Backup which has started discussing on the Developer forum at https://developer.apple.com/forums/thread/756904 and as suggested raised a technical support ticket Case-ID: 7747625. At last the old legacy bundle ID prefix changed to to the new Team ID prefix. As a result  one-time loss of keychain data occurs, however we requested and were granted an additional keychain capability that allowed access to keychain data stored under the old legacy prefix, even after transitioning to the new Team ID prefix. We are currently facing a similar challenge with our other application, IBackup. As with the earlier case, we had a mismatch between the App ID prefix and the Team ID, which we resolved by updating the prefix to match the Team ID. Again now encountered a blocker with Keychain data recovery. We have already requested the additional Keychain capability that would allow access to keychain data stored under the old legacy prefix, even after transitioning to the new Team ID prefix. Unfortunately, the team responsible for this has some uncertainty about the process. Please review the details under case 102398017929 and extend this capability to our application to ensure a seamless user experience.

Hi everyone, I applied for CarPlay Entitlements on [Date 4. 26, 2025] using. (*CarPlay Entitlements Case-ID : 13045151) I haven't received any updates or responses regarding my application yet. It's been 7 days since the application. My service requires CarPlay integration with a Black Box device. The primary purpose of this integration is to allow users to configure device settings through CarPlay. Furthermore, we plan to utilize the "Communication" category of Entitlements to notify users of parking incidents detected by the Black Box device while parked. This functionality is crucial for alerting drivers to potential issues affecting their vehicles. Could anyone share their experience with the typical turnaround time for CarPlay Entitlements, especially for applications involving device integration and the "Communication" category? Is this delay normal? Is there any way to check the application status or contact the appropriate team to inquire about its progress? Thank you for any insights or advice you can provide! Sincerely,

Hi everyone, I applied for CarPlay Entitlements on [Date 04. 26, 2024] using CarPlay is Case ID "13045151". I haven't received any updates or responses regarding my application yet. It's been 7 days since the application. My service requires CarPlay integration with a Black Box device. The primary purpose of this integration is to allow users to configure device settings through CarPlay. Furthermore, we plan to utilize the "Communication" category of Entitlements to notify users of parking incidents detected by the Black Box device while parked. This functionality is crucial for alerting drivers to potential issues affecting their vehicles. Could anyone share their experience with the typical turnaround time for CarPlay Entitlements, especially for applications involving device integration and the "Communication" category? Is this delay normal? Is there any way to check the application status or contact the appropriate team to inquire about its progress? Thank you for any insights or advice you can provide! Sincerely,

This is my .entitlements file: Code signing: codesign --sign -vvv --timestamp --options=runtime --force --entitlements ./UES.entitlements -s "Developer ID Application: XXX. (XXXXXXX)" ./UES.app I work fine in the macOS 13.x system, but the "killed" error occurs in macOS11.x. The system log is displayed as follows: (If codesign remove the --entitlements ./UES.entitlements, it will operate normally) 2025-04-21 13:58:27.039638+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:27.039762+0800 0xd5bbf Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:27.039815+0800 0xd5bbf Default 0x0 0 0 kernel: proc 29354: load code signature error 4 for file "UES" 2025-04-21 13:58:27.040720+0800 0xd5bc0 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29354, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:27.045974+0800 0xd58be Error 0x0 66405 0 CoreServicesUIAgent: [com.apple.launchservices:uiagent] handle LS launch error: {\n Action = oapp;\n AppMimimumSystemVersion = "10.13";\n AppPath = "/Applications/UES.app";\n ErrorCode = "-10826";\n} 2025-04-21 13:58:39.121619+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:39.121832+0800 0xd5e0f Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:39.121861+0800 0xd5e0f Default 0x0 0 0 kernel: proc 29415: load code signature error 4 for file "UES" 2025-04-21 13:58:39.122571+0800 0xd5e10 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29415, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:46.297915+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:46.298031+0800 0xd5f85 Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:46.298072+0800 0xd5f85 Default 0x0 0 0 kernel: proc 29485: load code signature error 4 for file "UES" 2025-04-21 13:58:46.300248+0800 0xd5f86 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29485, /Applications/UES.app/Contents/MacOS/UES What causes the pattern to be narrow?

This is .entitlements file: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> </dict> </plist> Code signing: codesign --sign -vvv --timestamp --options=runtime --force --entitlements ./UES.entitlements -s "Developer ID Application: XXXX Ltd. (XXXXXX)" ./UES.app When I run it on macOS 13.x, it works fine. If I run the system on macOS 11.x, it reports a "killed" error (if codesign remove --entitlements ./UES.entitlements, Then the startup will not report an error, but the endpoint security rights cannot be used) System log: 2025-04-21 13:58:27.039638+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:27.039762+0800 0xd5bbf Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:27.039815+0800 0xd5bbf Default 0x0 0 0 kernel: proc 29354: load code signature error 4 for file "UES" 2025-04-21 13:58:27.040720+0800 0xd5bc0 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29354, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:27.045974+0800 0xd58be Error 0x0 66405 0 CoreServicesUIAgent: [com.apple.launchservices:uiagent] handle LS launch error: {\n Action = oapp;\n AppMimimumSystemVersion = "10.13";\n AppPath = "/Applications/UES.app";\n ErrorCode = "-10826";\n} 2025-04-21 13:58:39.121619+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:39.121832+0800 0xd5e0f Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:39.121861+0800 0xd5e0f Default 0x0 0 0 kernel: proc 29415: load code signature error 4 for file "UES" 2025-04-21 13:58:39.122571+0800 0xd5e10 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29415, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:46.297915+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:46.298031+0800 0xd5f85 Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:46.298072+0800 0xd5f85 Default 0x0 0 0 kernel: proc 29485: load code signature error 4 for file "UES" 2025-04-21 13:58:46.300248+0800 0xd5f86 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29485, /Applications/UES.app/Contents/MacOS/UES May I ask what the reason is?

This is .entitlements file: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> </dict> </plist> Code signing: codesign --sign -vvv --timestamp --options=runtime --force --entitlements ./UES.entitlements -s "Developer ID Application: XXXX Ltd. (XXXXXX)" ./UES.app When I run it on macOS 13.x, it works fine. If I run the system on macOS 11.x, it reports a "killed" error (if codesign remove --entitlements ./UES.entitlements, Then the startup will not report an error, but the endpoint security rights cannot be used) System log: 2025-04-21 13:58:27.039638+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:27.039762+0800 0xd5bbf Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:27.039815+0800 0xd5bbf Default 0x0 0 0 kernel: proc 29354: load code signature error 4 for file "UES" 2025-04-21 13:58:27.040720+0800 0xd5bc0 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29354, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:27.045974+0800 0xd58be Error 0x0 66405 0 CoreServicesUIAgent: [com.apple.launchservices:uiagent] handle LS launch error: {\n Action = oapp;\n AppMimimumSystemVersion = "10.13";\n AppPath = "/Applications/UES.app";\n ErrorCode = "-10826";\n} 2025-04-21 13:58:39.121619+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:39.121832+0800 0xd5e0f Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:39.121861+0800 0xd5e0f Default 0x0 0 0 kernel: proc 29415: load code signature error 4 for file "UES" 2025-04-21 13:58:39.122571+0800 0xd5e10 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29415, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:46.297915+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:46.298031+0800 0xd5f85 Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:46.298072+0800 0xd5f85 Default 0x0 0 0 kernel: proc 29485: load code signature error 4 for file "UES" 2025-04-21 13:58:46.300248+0800 0xd5f86 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29485, /Applications/UES.app/Contents/MacOS/UES May I ask what the reason is?

How can I disable Hardened Runtime in Xcode only when signing ad hoc? If I make a new project, Xcode will say Disabling hardened runtime with ad-hoc codesigning. at the beginning of the build logs. However, somehow my project isn't doing this -- it's still hardening the runtime when ad-hoc signing. What should I do to debug this?

I do have background Modes added to Xcode. How can I fix this? Automatic signing failed Xcode failed to provision this target. Please file a bug report at https://feedbackassistant.apple.com and include the Update Signing report from the Report navigator. Provisioning profile "iOS Team Provisioning Profile: com.designoverhaul.bladerunner" doesn't include the com.apple.developer.background-modes entitlement. I emailed Dev Support but they said they cant help. Thank you.

I have been approved for family controls entitlements and see them in my apple certificates for my bundle identifier. I see them listed for Distribution in my Runner, however, when I try to distribute I get the error that I do not have the right permissions. Do I need to get the entitlements for each extension I have as well? I have three extensions that use the family controls.

So I just updated Xcode to 16.3 and updated a project to its recommended build settings which includes "Register App Groups". So I have an outside Mac App Store app that uses app groups. Here we have an action extension. I can't debug it, can't get it to run. Nothing useful in Xcode is displayed when I try... but it looks like a code signing issue when I run and have Console open. So I try to make a provisioning profile manually and set it...didn't work. I noticed now though in signing & capabilities the group id is in red...like it's invalid, or something? This was a "macOS styled" group without the "group." prefix. So am I supposed to switch it to have the group. prefix? It makes the red text go away (no warnings or anything about app groups here, just red text). So if I change it to group. prefix..does that make an entire new container?What happens on app update for installs that don't have group. prefix? Does the system transparently migrate the group? Or Am I supposed to migrate the entire group container to the identifier with group. prefix? Also how does this affect running on older version of macOS? If I go with the "group." prefix to make the red text go away,.. what happens on macOS 11.0? Got a little more than I bargained for here after midnight.

My command line tool with a JIT entitlement is failing to run on Sequoia. 2025-05-26 14:17:09.758 E taskgated-helper[91764:3ab7036] [com.apple.ManagedClient:ProvisioningProfiles] Disallowing DecisionRuleTool because no eligible provisioning profiles found 2025-05-26 14:17:09.758 Df amfid[576:3ab6d6b] /Users/jim/DecisionRuleTool not valid: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=file:///Users/jim/DecisionRuleTool, NSLocalizedDescription=No matching profile found} 2025-05-26 14:17:09.759 Df kernel[0:3ab7031] (AppleMobileFileIntegrity) AMFI: When validating /Users/jim/DecisionRuleTool: 2025-05-26 14:17:09.759 Df kernel[0:3ab7031] mac_vnode_check_signature: /Users/jim/DecisionRuleTool: code signature validation failed fatally: When validating /Users/jim/DecisionRuleTool: 2025-05-26 14:17:09.759 Df kernel[0:3ab7031] proc 91763: load code signature error 4 for file "DecisionRuleTool" 2025-05-26 14:17:09.759 Df kernel[0:3ab7032] (AppleSystemPolicy) ASP: Security policy would not allow process: 91763, /Users/jim/DecisionRuleTool Codesign isn't giving me any clues as to why. It validates. Asking it what the entitlements are on the binary: % codesign --display --entitlements - /Users/joconnor/MACEP-9852-2/tools/detection/DecisionRuleTool Executable=/Users/jim/DecisionRuleTool [Dict] [Key] com.apple.application-identifier [Value] [String] XXXXXXXXX.com.mycompany.drt [Key] com.apple.developer.team-identifier [Value] [String] XXXXXXXXX [Key] com.apple.security.cs.allow-jit [Value] [Bool] true https://developer.apple.com/documentation/Xcode/signing-a-daemon-with-a-restricted-entitlement This makes it look like this may be hopeless, that I can't create a command line took with proper entitlements.

Can someone tell me the applications requirements for using the secure enclave on MacOS? Does the application need to be signed with the secure-enclave entitlement in order to use it? Since this is a restricted entitlement, does my App ID need approval to use it from Apple? Currently I'm building in XCode 16 on Sequoia (15.5) using developer signing. My application is a C/C++ daemon running as plist out of /Library/LaunchDaemons. I have also built it as an application using the instructions here but this has not lead to a solution: https://developer.apple.com/documentation/xcode/signing-a-daemon-with-a-restricted-entitlement/ When I run my application from the command line via sudo signed but without the secure-enclave entitlement enabled in my entitlements file it runs. The first call to: SecAccessControlRef access = SecAccessControlCreateWithFlags( kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, kSecAccessControlPrivateKeyUsage, &error); succeeds without error. The call to create the key using: SecKeyRef privateKey = SecKeyCreateRandomKey(attributes, &error); then fails with error: (OSStatus error -50 - Failed to generate keypair) Here are the setup attributes (keySize = 256): CFDictionarySetValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeECSECPrimeRandom); CFDictionarySetValue(attributes, kSecAttrKeySizeInBits, keySize); CFDictionarySetValue(attributes, kSecAttrLabel, keyName); CFDictionarySetValue(attributes, kSecAttrApplicationTag, keyLabel); CFDictionarySetValue(attributes, kSecAttrTokenID, kSecAttrTokenIDSecureEnclave); // Store in the Secure Enclave CFDictionarySetValue(attributes, kSecAttrKeyClass, kSecAttrKeyClassPrivate); CFDictionarySetValue(attributes, kSecAttrAccessControl, access); CFDictionarySetValue(attributes, kSecAttrIsPermanent, kCFBooleanTrue); // persist key across app restarts and reboots CFDictionarySetValue(attributes, kSecAttrCanEncrypt, kCFBooleanTrue); CFDictionarySetValue(attributes, kSecAttrCanDecrypt, kCFBooleanTrue); CFDictionarySetValue(attributes, kSecAttrAccessible, kSecAttrAccessibleWhenUnlockedThisDeviceOnly); CFDictionarySetValue(attributes, kSecReturnPersistentRef, kCFBooleanTrue); When I run the application signed and include the "com.apple.developer.secure-enclave" in my entitlements file it crashes at startup. I believe this is to be expected based on above. How do I proceed such that my application can use the secure enclave correctly?

I'm facing a persistent issue with provisioning profiles not including the com.apple.developer.in-app-purchase entitlement, even though the In-App Purchase capability is clearly enabled in the Developer Portal for my app. What I’ve already done: Confirmed that the In-App Purchase capability is enabled in the App ID configuration Deleted all provisioning profiles locally (~/Library/MobileDevice/Provisioning Profiles) Regenerated both Development and App Store provisioning profiles from scratch Tried Xcode's automatic signing (after properly registering the device) Verified the provisioning profiles via Terminal (security cms -D -i ...) — the IAP entitlement is missing every time Recreated valid distribution and development certificates Cleaned the Xcode project and settings The result: Every attempt to build or archive the app in Xcode returns: Missing entitlement: com.apple.developer.in-app-purchase I've also opened a support case with Apple, but so far I’ve only been redirected to general documentation. Has anyone encountered this recently? Is there a known delay or sync issue on Apple’s side when enabling capabilities? Can the provisioning profile or entitlement data be manually refreshed by Apple? Is there any workaround that worked for you in this situation?