Kaspersky Security Center

Deploying a system for management using iOS MDM protocol

8 April 2024

ID 64664

Kaspersky Security Center allows you to manage mobile devices running iOS. iOS MDM mobile devices refer to iOS mobile devices that are connected to an iOS MDM Server and managed by an Administration Server.

Connection of mobile devices to an iOS MDM Server is performed in the following sequence:

  1. The administrator installs iOS MDM Server on the selected client device. Installation of iOS MDM Server is performed using the standard tools of the operating system.
  2. The administrator retrieves an Apple Push Notification Service (APNs) certificate.

    The APNs certificate allows Administration Server to connect to the APNs server to send push notifications to iOS MDM mobile devices.

  3. The administrator installs the APNs certificate on the iOS MDM Server.
  4. The administrator creates an iOS MDM profile for the user of the iOS mobile device.

    The iOS MDM profile contains a collection of settings for connecting iOS mobile devices to Administration Server.

  5. The administrator issues a shared certificate to the user.

    The shared certificate is required to confirm that the mobile device is owned by the user.

  6. The user clicks the link sent by the administrator and downloads an installation package to the mobile device.

    The installation package contains a certificate and an iOS MDM profile.

    After the iOS MDM profile is downloaded and the iOS MDM mobile device is synchronized with the Administration Server, the device is displayed in the Mobile devices folder, which is a subfolder of the Mobile Device Management folder in the console tree.

  7. The administrator adds a configuration profile on the iOS MDM Server and installs the configuration profile on the mobile device after it is connected.

    The configuration profile contains a collection of settings and restrictions for the iOS MDM mobile device, for example, settings for installation of applications, settings for the use of various features of the device, email and scheduling settings. A configuration profile allows you to configure iOS MDM mobile devices in accordance with the organization's security policies.

  8. If necessary, the administrator adds provisioning profiles on the iOS MDM Server and then installs these provisioning profiles on mobile devices.

    Provisioning profile is a profile that is used for managing applications distributed in ways other than through App Store®. A provisioning profile contains information about the license; it is linked to a specific application.

In this section

Installing iOS MDM Server

Installing iOS MDM Server in silent mode

iOS MDM Server deployment scenarios

Simplified deployment scheme

Deployment scheme involving Kerberos constrained delegation (KCD)

Receiving an APNs certificate

Renewing an APNs certificate

Configuring a reserve iOS MDM Server certificate

Installing an APNs certificate on an iOS MDM Server

Configuring access to Apple Push Notification service

Issuing and installing a shared certificate on a mobile device

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.