Introduction

A configuration profile is an XML file that allows you to distribute configuration information to iOS-based devices. If you need to configure a large number of devices or to provide lots of custom email settings, network settings, or certificates to a large number of devices, configuration profiles are an easy way to do it.

An iOS configuration profile contains a number of settings that you can specify, including:

There are four ways to deploy configuration profiles:

iOS supports both encrypted and unencrypted profiles. Encrypted profiles guarantee data integrity and protect sensitive policy information from prying eyes. Encrypted configuration profiles are signed with the public key associated with a device’s identity certificate. This public key can be obtained using over-the-air enrollment.

iOS over-the-air enrollment and configuration provides an automated way to configure devices securely within the enterprise. This process provides IT with assurance that only trusted users are accessing corporate services and that their devices are properly configured to comply with established policies. Because configuration profiles can be both encrypted and locked, the settings cannot be removed, altered, or shared with others.

More importantly, for geographically distributed enterprises, an over-the-air profile service allows you to enroll iOS-based devices without physically to connecting them.

The profile service described in this document creates a configuration on the fly; the device then downloads that configuration. The device remembers the enrollment URL so that it can update its configuration from the server in the future if the configuration expires or a VPN connection failure occurs.

This document describes the over-the-air enrollment process. With this process, administrators can instruct users to begin the process of enrollment by providing a URL via email or SMS notification. When users agree to the profile installation, their devices are automatically enrolled and configured in a single session.

Organization of This Document

This document takes you through the process of setting up a server to deliver encrypted custom profiles to iOS-based devices over the air.

This document assumes a basic knowledge of Ruby programming, XML, property lists, and OpenSSL.

See Also

For more information, see the following pages:

Additional information and resources for iOS-based devices in the enterprise are available at http://www.apple.com/iphone/business/ and in the Configuration Profile Reference. This appendix specifies the format of .mobileconfig files for developers who want to create their own tools.