What does NotNow mean?
When an Apple Device cannot perform an Apple MDM command, it will send the NotNow status without performing the command.
The server sends another command that is guaranteed to execute. After sending a NotNow status, the device will poll the server at some future time.
The device will continue to poll the server until a successful transaction is completed. The server does not need to send another push notification in response to this status.
To explain it a bit more concise, the device has some condition that is telling Apple's MDM Protocol that it is busy and to try again later.
NotNow Commands
- DeviceInformation
- ProfileList
- DeviceLock
- EraseDevice
- ClearPasscode
- CertificateList
- ProvisioningProfileList
- InstalledApplicationList
- Restrictions
- Security Information Sample
- Install Profile
- Certificate Profile
Identifying Devices in NotNow state
You can identify devices in Dashboard > Events or Device > GoLive > Events, here is an example:
Remediation of NotNow (macOS)
The remediation of NotNow commands first depends on why the device is responding NotNow.
You can run this command as an example to parse for historic NotNow Events.
You can run the below command using LiveTerminal, Addigy Commands, or other mechanisms like Smart Software.
log show --info --debug --predicate 'process == "mdmclient" && eventMessage CONTAINS[cd] "NotNow"' --style compact |
You may see a log event like this, which indicates why the device is responding to NotNow:
2023-03-03 09:08:29.810 Df mdmclient[30513:2fbdb] [com.apple.ManagedClient:MDMDaemon] [0:MDMDaemon:<0x2fbdb>] Responding 'NotNow' to server request: ProfileList for: <Device> reason: Not supported during DarkWake |
In this condition the device is in DarkWake or Power Nap mode, and as a result will not run this command, and the device should come out of this state to run this command.
NotNow status for iOS and iPadOSDevices
When enabling Advanced Data Protection iCloud on supported devices, it can also cause NotNow events to occur.
NotNow status for macOS specific devices
In macOS, a device may not execute commands, but instead respond with a Not
status during these conditions:
-
The device is running on battery power in Power Nap and the server sends any command other than
Delete
,User Command Device
,Lock Command Erase
,Device Command Restart
,Device Command Shut
,Down Device Command User
,List Command Activation
,Lock Bypass Code Command Clear
, orActivation Lock Bypass Code Command Unlock
.User Account Command -
The server sends an
Install
orProfile Remove
command on the user connection and the user’s keychain is locked.Profile -
The device is blocking the user’s login while it contacts the server and the server sends a request that can take a long time to process; for example,
Installed
.Application List