Wednesday, November 30, 2016

iOS MDM Implementation


Configure the MDM server

To configure your MDM server you need to follow the steps below:
  1. Enroll in the iOS Developer Enterprise Program.
  2. Generate a Certificate Signing Request (CSR) and have it signed by your MDM vendor.
  3. Once you have the vendor-signed CSR, visit identity.apple.com/pushcert and sign in with a verified Apple ID.
  4. Click "Create a Certificate" and agree to the Terms of Use.
  5. Select your signed CSR and click Upload. After a moment, your certificate will be available for download.
  6. This certificate can now be uploaded to your MDM server for use with the Apple Push Notification service (APNs). Note that the push certificate is valid for one year and must be renewed through the same portal before it expires, otherwise the server can no longer wake devices for a check-in.
  7. On your MDM server, implement the profile manager and the push server, and add the SCEP stack (used to issue each device's identity certificate during enrollment).



MDM protocol implementation:


To implement the MDM protocol for managed iOS devices, the MDM server sends commands to the device and the device reports back. All messages between the built-in iOS MDM client and the MDM server are Apple Property List (.plist) documents exchanged over HTTPS: the server replies to a device check-in with one command at a time, and the device answers with a status plist that carries its UDID (and, for any status other than Idle, the CommandUUID of the command it is reporting on).

MDM Server to iOS managed device communication format:


<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
     <dict>
           <key>Command</key>
           <dict>
                 <key>RequestType</key>
                 <string>[command name]</string>
                  .
                  .
           </dict>
           <key>CommandUUID</key>
           <string></string>
     </dict>
</plist>

iOS managed device to MDM Server communication format:

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0"> 
<dict>
    <key>Status</key> 
    <string>Idle</string> 
    <key>UDID</key> 
    <string> [ redacted ] </string>
</dict> 
</plist>


Important MDM commands (RequestType value in parentheses):

Device Lock (DeviceLock): This command locks the managed device.
Erase Device (EraseDevice): This command immediately wipes the device and resets it to a factory state.
Clear Passcode (ClearPasscode): If a passcode is present on the device, this command clears it.
Security Information (SecurityInfo): When this command is sent to a managed iOS device, the built-in MDM client returns a list of security-related settings, including hardware encryption capabilities and whether a passcode is present.
Installed Application List (InstalledApplicationList): When this command is sent to a managed iOS device, the built-in MDM client returns the list of all applications currently installed on the device.
Device Information (DeviceInformation): When this command is sent to a managed iOS device, the built-in MDM client retrieves the general information named in the command's Queries array, which can include MAC addresses, IMEI, mobile number, software version, model name and number, and serial number, and sends it to the MDM server.
Certificate List (CertificateList): When this command is sent to a managed iOS device, the built-in MDM client returns the list of all certificates currently installed on the device.
Profile List (ProfileList): This command lists the configuration profiles installed on the device.
Provisioning Profile List (ProvisioningProfileList): This command lists the provisioning profiles installed on the device (similar to Profile List).
Restrictions List (Restrictions): This command lists the restrictions currently in effect on the device.
Install Profile (InstallProfile): This command installs a configuration profile on the device.
Remove Profile (RemoveProfile): This command removes a configuration profile from the device, given the profile's Identifier.
Install Provisioning Profile (InstallProvisioningProfile): This command installs a provisioning profile on the device.
Remove Provisioning Profile (RemoveProvisioningProfile): This command removes a provisioning profile from the device, given the profile's UUID.

Clear Passcode and Erase Device cannot be undone from the device side, so an MDM server should gate them behind explicit operator authorization and log who issued each one.
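As an added example (not code from the original post), the following Python sketch implements the server side of the exchange described in the two plist formats above and uses the RequestType names from the command list: it serializes a command plist, consumes the device's status plist, tracks one in-flight command per UDID, and decides what to put in the next HTTP response. The class and function names (CommandQueue, build_command, simulate_device, run_exchange), the UDID and serial number strings, and the simulated device are all constructed for the example. It assumes the device's check-in has already arrived at the MDM endpoint over HTTPS and that the server has verified the device's identity certificate; that transport and authentication layer is outside this example.

```python
import plistlib
import uuid
from collections import deque

# RequestType values for the commands listed above (Apple MDM protocol names).
KNOWN_REQUEST_TYPES = {
    "DeviceLock", "EraseDevice", "ClearPasscode", "SecurityInfo",
    "InstalledApplicationList", "DeviceInformation", "CertificateList",
    "ProfileList", "ProvisioningProfileList", "Restrictions",
    "InstallProfile", "RemoveProfile",
    "InstallProvisioningProfile", "RemoveProvisioningProfile",
}


def build_command(request_type, **params):
    """Serialize one server -> device command plist; returns (CommandUUID, bytes)."""
    if request_type not in KNOWN_REQUEST_TYPES:
        raise ValueError(f"unsupported RequestType {request_type!r}")
    command_uuid = str(uuid.uuid4()).upper()
    payload = {
        "Command": {"RequestType": request_type, **params},
        "CommandUUID": command_uuid,
    }
    return command_uuid, plistlib.dumps(payload, fmt=plistlib.FMT_XML)


class CommandQueue:
    """Per-device outbound queue (example class): one command in flight per UDID."""

    def __init__(self):
        self.pending = {}    # UDID -> deque of (CommandUUID, plist bytes)
        self.in_flight = {}  # UDID -> (CommandUUID, plist bytes) awaiting a status
        self.results = {}    # CommandUUID -> parsed device status plist

    def enqueue(self, udid, request_type, **params):
        cid, data = build_command(request_type, **params)
        self.pending.setdefault(udid, deque()).append((cid, data))
        return cid

    def handle_report(self, report_bytes):
        """Consume one device -> server status plist and return the next command
        to send in the HTTP response, or None when the response body stays empty."""
        report = plistlib.loads(report_bytes)
        udid, status = report["UDID"], report["Status"]
        if status != "Idle":
            # Every non-Idle status must echo the CommandUUID we are waiting on;
            # a missing or foreign UUID is rejected rather than trusted.
            expected = self.in_flight.get(udid)
            if expected is None or report.get("CommandUUID") != expected[0]:
                raise ValueError(f"unexpected CommandUUID from {udid}")
            del self.in_flight[udid]
            if status == "NotNow":
                # Device cannot run it now: put it back at the head of the queue
                # and wait for the next check-in (design choice for this example).
                self.pending.setdefault(udid, deque()).appendleft(expected)
                return None
            if status in ("Acknowledged", "Error", "CommandFormatError"):
                self.results[expected[0]] = report
            else:
                raise ValueError(f"unknown Status {status!r}")
        queue = self.pending.get(udid)
        if not queue:
            return None
        nxt = queue.popleft()
        self.in_flight[udid] = nxt
        return nxt[1]


def simulate_device(command_bytes, udid):
    """Toy stand-in for the iOS MDM client: answers in the device -> server format."""
    cmd = plistlib.loads(command_bytes)
    body = cmd["Command"]
    reply = {"Status": "Acknowledged", "UDID": udid, "CommandUUID": cmd["CommandUUID"]}
    if body["RequestType"] == "DeviceInformation":
        # Constructed values; a real device fills QueryResponses from hardware.
        fake = {"SerialNumber": "C0NSTRUCTED1", "ModelName": "iPhone"}
        reply["QueryResponses"] = {k: fake[k] for k in body.get("Queries", []) if k in fake}
    return plistlib.dumps(reply, fmt=plistlib.FMT_XML)


def run_exchange():
    """Drive one full check-in: Idle -> DeviceLock -> DeviceInformation -> empty reply."""
    udid = "CONSTRUCTED-UDID-0001"  # constructed placeholder, not a real UDID
    q = CommandQueue()
    lock_id = q.enqueue(udid, "DeviceLock", Message="Locked by MDM")
    info_id = q.enqueue(udid, "DeviceInformation", Queries=["SerialNumber", "ModelName"])
    sent = []
    nxt = q.handle_report(plistlib.dumps({"Status": "Idle", "UDID": udid}))
    while nxt is not None:
        sent.append(plistlib.loads(nxt)["Command"]["RequestType"])
        nxt = q.handle_report(simulate_device(nxt, udid))
    return q, sent, lock_id, info_id


if __name__ == "__main__":
    queue, sent, lock_id, info_id = run_exchange()
    print("sent:", sent)
    print("serial:", queue.results[info_id]["QueryResponses"]["SerialNumber"])
```

The CommandUUID check in handle_report is the part worth keeping in a real server: a status plist is only accepted for the command that was actually issued to that UDID, so a stray or replayed report cannot mark an unrelated command as done.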
