Question

I am following Apple's guidelines for creating an MDM server, and I want to distribute the MDM profile in OTA. Apple's guidelines for OTA consist of 3 steps:

  1. authentication
  2. SCEP
  3. device configuration

In total there can be three configuration profiles delivered to the device - the first one after authentication to get device info, the second one for SCEP enrollment and the last one is the actual MDM profile. The IdentityCertificate key in the MDM payload is mandatory, so from here I assume I need to combine the last two profiles into one profile that has SCEP and MDM payloads (and I refer this key to the SCEP payload). I assume the device will first handle the SCEP payload - is this correct?

Moreover, I want the user to be asked to accept the MDM profile, but from Apple's specs it seems the user is requested to approve only the first configuration profile (the one that asks for device info), and the rest of the OTA is without user intervention.

Is this the case? Am I supposed to combine all profiles into one? How can I distribute the MDM profile and have the user be asked to accept it and let the user know what this MDM profile will be able to control?

Thanks, Michal


Solution

Actually, just combining steps 2 and 3 didn't work for me. I rather had to duplicate step 2 and include an additional SCEP payload in the configuration profile in step 3. I'm not sure what the reasoning behind this is, but this approach was also confirmed here.

As for the user accepting the MDM profile, iOS does ask the user before installing the MDM config profile.
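
The profile layout described in the answer, as an added example that is not code from the post or from Apple: the step-3 profile carries its own SCEP payload, and the MDM payload's `IdentityCertificateUUID` must equal that SCEP payload's `PayloadUUID`. The identifiers, URLs and `AccessRights` value are constructed, and the check assumes an unsigned plist and an identity that comes from SCEP, as on this page.

```python
import plistlib
import uuid

SCEP_TYPE = "com.apple.security.scep"
MDM_TYPE = "com.apple.mdm"


def new_uuid():
    return str(uuid.uuid4()).upper()


def build_final_profile(scep_url, server_url, topic):
    """Final OTA profile: a SCEP payload plus an MDM payload that refers to it."""
    scep = {
        "PayloadType": SCEP_TYPE, "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm.scep",  # constructed identifier
        "PayloadUUID": new_uuid(),
        "PayloadContent": {"URL": scep_url, "Key Type": "RSA", "Keysize": 2048},
    }
    mdm = {
        "PayloadType": MDM_TYPE, "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm.mdm",  # constructed identifier
        "PayloadUUID": new_uuid(),
        # The identity the device presents to the MDM server: the SCEP payload above.
        "IdentityCertificateUUID": scep["PayloadUUID"],
        "ServerURL": server_url, "Topic": topic,
        "AccessRights": 8191,  # constructed value; grant only what the server needs
    }
    return {
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm", "PayloadUUID": new_uuid(),
        "PayloadDisplayName": "Example MDM enrollment",
        "PayloadContent": [scep, mdm],
    }


def check_identity_reference(profile_bytes):
    """Return a list of problems; an empty list means the reference resolves."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    scep_uuids = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") == SCEP_TYPE}
    mdm = [p for p in payloads if p.get("PayloadType") == MDM_TYPE]
    problems = [] if len(mdm) == 1 else [f"expected 1 MDM payload, found {len(mdm)}"]
    for p in mdm:
        ref = p.get("IdentityCertificateUUID")
        if ref is None:
            problems.append("MDM payload has no IdentityCertificateUUID")
        elif ref not in scep_uuids:
            problems.append(f"IdentityCertificateUUID {ref} matches no SCEP payload")
    return problems
```

Running the check on a step-3 profile before serving it catches the case from the question, where the MDM payload is delivered without the SCEP payload it depends on.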

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow