Installing Apple MDM profile

When the user has been directed to the DME Apple MDM Enrollment web page, he or she is presented with the following page containing instructions and two links:

1. The user should first tap link no. 1 to install the DME Apple MDM root certificate on the device. This root certificate is self-signed and auto-generated by DME for the purpose of signing any profiles distributed by DME, including the main MDM profile. If the user omits this step, all profiles distributed by DME will be Unsigned (but still valid).

   After tapping the link, the user should tap the Install button and complete the installation. Note that the user will also need to enter his or her device passcode when accepting the installation of certificates and profiles.

   

2. To complete the enrollment, the user must now go back to the DME Apple MDM Enrollment web page and tap link no. 2 to install the DME Mobile Device Management profile. This will initiate a SCEP communication session, through which the device receives a certificate generated by the DME Apple MDM server. This certificate establishes the trust between server and device, enabling the silent installation of configuration and provisioning profiles and the execution of MDM actions.

   After tapping the link, the user should complete the installation process.

   Please note: On some devices, the certificate appears to be Not trusted and Unsigned. This is due to a quirk in iOS and has no practical importance for the security of DME.

   

   When tapping Install, the DME MDM server and the device will communicate using SCEP. It will proceed through the following actions:

   • Generating Key
   • Enrolling Certificate
   • Installing Profile

   Finally, the following screen is shown to indicate that the installation is complete.

   

Tap Done. Profiles can be inspected in Settings > General > Profiles on the device.