iOS MDM Agent

Good Day All,


I finally have figured out how to get an MDM profile configured and installed on a device, and have a device authenticating and enrolled for management.


I have seen other MDM Vendors using an app, or "agent", from the app store to keep track of other items such as a device's location, or to push notifications to a device to display a message, or whatever the case.


My question is, what is the best practice to use your own app, or "agent", with your own MDM server, to be able to do this? How does one get the UDID (or should one get another unique identifier such as the serial number, or IMEI?) from the app store app to associate with the MDM server so you know which device is which?


To my knowledge it is against Apple's rules to use the UDID within an App Store app, but I read somewhere on a forum that there is an exception with MDM Managed devices. Is this really the case?


If one can use the UDID on a managed device, how should one go about getting this information to associate data?


Thanks!

>is this really the case?


Yes.


From the docs https://www.apple.com/business/docs/iOS_Enterprise_Deployment_Overview.pdf


"4 Manage

Queries

An MDM server can query devices for a variety of information, including hardware information, such as serial number, device UDID, or Wi-Fi MAC address; as well as software information, such as the iOS version and a detailed list of all apps installed on the device. This information helps to ensure that users maintain the appropriate set of apps."



How, exactly, depends on the specific MDM package in use. Talk to your MDM vendors for details.

Your use of the term MDM agent is confusing. Normally we use that to refer to the component of iOS (or OS X) that communicates with the MDM server. We generally use the term MDM console to refer to the UI of the MDM server itself. Typically this is a web page but it’s reasonable to extend the term to encompass an app that talks to the MDM server via some custom network protocol.

Note: This terminology is in line with historical management protocols, most notably SNMP.

I’m going to use this terminology in the rest of this response.

>To my knowledge it is against Apple's rules to use the UDID within an App Store app, but I read somewhere on a forum that there is an exception with MDM Managed devices, is this really the case?

UDIDs are accessible to the MDM agent (which is part of the OS, and thus not subject to App Store restrictions) and there’s an MDM command that allows the server to get the UDID for the device. The MDM server can expose them to an MDM console in any way it sees fit. What makes sense kinda depends on your management setup. For example:

  • In a BYOD environment, it probably makes more sense to refer to user XXX’s device rather than UDID xxx, but you’d want your settings to stick with the user rather than the device.

  • In a supervised environment, it makes more sense to refer to the device itself.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
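As an added example (not code from this thread, from Apple, or from any MDM vendor), here is the server-side half of what Quinn describes: issuing the standard MDM protocol's DeviceInformation query for the identifiers listed in the deployment overview, checking the device's acknowledgement, and filing the result under a user record (BYOD) or a device record (supervised). The device response is constructed, not captured from a real device, and the UDID in it is a placeholder.

```python
import plistlib
import uuid

# Query keys named in the Apple deployment overview quoted above. These are real
# DeviceInformation query keys; assumption: the server speaks the standard MDM
# protocol rather than a vendor-specific agent protocol.
QUERIES = ["UDID", "SerialNumber", "WiFiMAC", "OSVersion"]


def build_device_information_command(command_uuid=None):
    """Plist the MDM server returns when the device checks in with Status=Idle."""
    command_uuid = command_uuid or str(uuid.uuid4()).upper()
    return plistlib.dumps({
        "CommandUUID": command_uuid,
        "Command": {"RequestType": "DeviceInformation", "Queries": QUERIES},
    })


def parse_device_information_response(raw):
    """Pull the identifiers out of the device's response to the command above."""
    resp = plistlib.loads(raw)
    if resp.get("Status") != "Acknowledged":
        raise ValueError("device did not acknowledge: %s" % resp.get("Status"))
    answers = resp.get("QueryResponses", {})
    # Every MDM response carries the UDID in its envelope; the query copy must agree,
    # otherwise the console would file data under the wrong device.
    udid = resp["UDID"]
    if answers.get("UDID", udid) != udid:
        raise ValueError("UDID mismatch between envelope and QueryResponses")
    return {"udid": udid, **{k: answers.get(k) for k in QUERIES if k != "UDID"}}


def console_key(identifiers, enrolled_user=None, supervised=False):
    """Record the console should attach settings to, per Quinn's two cases:
    supervised (or no known user) -> the device itself; BYOD -> the user."""
    if supervised or enrolled_user is None:
        return "device:" + identifiers["udid"]
    return "user:" + enrolled_user


# Constructed sample response; the UDID is an obvious placeholder, not a real one.
SAMPLE_RESPONSE = plistlib.dumps({
    "CommandUUID": "7E1B0000-EXAMPLE-COMMAND-UUID",
    "Status": "Acknowledged",
    "UDID": "00000000-EXAMPLE-UDID-PLACEHOLDER",
    "QueryResponses": {
        "UDID": "00000000-EXAMPLE-UDID-PLACEHOLDER",
        "SerialNumber": "EXAMPLESN001",
        "WiFiMAC": "00:11:22:33:44:55",
        "OSVersion": "9.0",
    },
})
```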

Hi,


could you please help in developing my own MDM server?


Like where to start or steps to follow.


I am going to use Java for this purpose.


Thank you in advance.
