Mobile device management (MDM) for iOS – Frequently Asked Questions

This post lists the most frequently asked questions about iOS MDM.

Question: What is iOS MDM? 
Answer: iOS MDM is a new suite of functionality, available with the release of iOS4, that gives enterprises additional management capabilities for their iOS devices.

Question: What capabilities does MDM enable for my iOS devices? 
Answer: iOS 4’s MDM functionality allows MobileIron to apply, update, and remove configurations, all without end-user participation. Further, device inventory information (device details, configuration information, etc) may be retrieved at any point, without end-user participation. In-house applications may also be provisioned via MDM.

Question: What devices support this new suite of functionality? 
Answer: Any device that can run iOS4 can support this new functionality. This means that iPhone 3G, iPhone 3GS, iPhone 4, iPod touch (2nd generation), iPod touch (3rd generation), and iPod touch (4th generation) can support MDM.

Question: What version of iOS4 will my devices need to run in order for the MobileIron solution to manage them via MDM? 
Answer: MobileIron will support MDM for iOS4.1 (and higher) devices due to MDM enhancements available in that release.

Question: What is required in order to use these new iOS MDM features? 
Answer: You need two key things in order to support iOS MDM on your iOS4 devices:

  1. An enterprise mobility management solution that supports these new APIs (such as MobileIron’s Virtual Smartphone Platform)
  2. A valid MDM certificate furnished to you by Apple via their iOS Developer Enterprise Program

Question: What is the iOS Developer Enterprise Program? 
Answer: The program performs two key purposes for enterprises:

  1. iDEP allows enterprises to create certificates that grant them permission to use iOS4’s new MDM functionality to manage iOS devices.
  2. iDEP also gives members the ability to get access to the information and resources needed to develop and deploy in-house iOS applications to employees within their organizations.

Question: What are the qualifications/requirements for membership in the program? 
Answer: Apple requires that companies have a valid DUNS (Dun and Bradstreet) number. You also must have the authority to bind your organization to Apple’s iDEP legal agreement and pay the $299 USD annual fee.

Question: Is there a restriction on the number of employees qualifying companies must have? 
Answer: No. There used to be, but companies are no longer required to have a certain number of employees in order to qualify.

Question: What payment methods can I use to pay the iDEP registration fee? 
Answer: Only credit card payments are accepted.

Question: Are the program’s terms and conditions negotiable? 
Answer: No, they are not.

Question: How do I sign up for the iOS Developer Enterprise Program? 
Answer: You can fill out and submit your enterprise’s application at: http://developer.apple.com/programs/ios/enterprise/ 

Question: How long will it take to get approved for the program? 
Answer: Approval time depends on many factors, but we recommend you apply as soon as possible. Anecdotally, we’ve seen this process take up to a couple of weeks, but the approval duration may be shorter.

Question: How long will it take to get a certificate once I am approved for the program? 
Answer: Once you’re approved for the program, you’ll need to log into your iDEP account and follow a few simple steps (please see MobileIron Support documentation for more detailed instructions) to generate your MDM certificate. You will be able to get immediate access to your certificate.

Question: How do I apply the certificate to the MobileIron platform? 
Answer: Once you’ve retrieved your MDM certificate via your iOS Developer Enterprise Program account, you simply need to upload your cert to your MobileIron system. This can be done via Settings | MDM Preferences. Further technical assistance is available via MobileIron Support documentation.

Question: Do I really need to enroll in this program or can I simply have MobileIron or a 3rd party provide this to me as a service? 
Answer: No, you cannot have MobileIron or a 3rd party provide it as a service; you need to enroll. Using anyone else’s MDM certificate to manage your iOS devices is in direct conflict with Apple’s stated policies. Apple reserves the right to revoke access to MDM functionality if abuses to this policy occur.

Question: Can I give the certificate to third parties to manage their devices? 
Answer: No. Allowing anyone else to manage their iOS devices via your MDM certificate is in direct conflict with Apple’s stated policies. Apple reserves the right to revoke access to MDM functionality if abuses to this policy occur. If you were to share your certificate for this purpose, and Apple were to revoke access to your certificate, you and the party with whom you have shared your MDM certificate will no longer be able to use MDM functionality.

Question: Can I give the certificate to a third party who is in charge of managing my MobileIron VSP and all my iOS devices? 
Answer: Yes. You may share your MDM certificate with a 3rd party if the 3rd party in question is not using your MDM certificate for any other purpose than to manage your iOS devices on your behalf. No other sharing of MDM certificates is permitted by Apple.

Question: How does Apple enforce my usage of this MDM certificate? 
Answer: iOS MDM functionality leverages Apple’s Push Notification service (APNs) in order to trigger all configuration and inventory operations. In order for the MDM management platform (MobileIron’s VSP) to initiate all MDM communications with managed iOS devices, Apple must first be able to authenticate the source of the MDM requests (MobileIron’s VSP). This is done by authenticating your company’s MDM certificate. Without this certificate, MDM will simply not function.

NOTE: With specific regard to MDM’s use of Apple’s APNs infrastructure, messages sent to devices are used for the sole purpose of communicating to the MDM process on iOS devices, and are not used for any user-facing messages, badges, or sounds.

Question: Does Apple’s MDM certificate expire? 
Answer: Yes. The certificate expires one year from the date of issue. You will need to be an active member of the iOS Developer Enterprise Program in order to request an updated certificate on or near the expiration of your MDM certificate.

Question: What happens to my MDM-managed iOS devices when the cert expires after a year? 
Answer: If you do not request a new MDM certificate and install it onto your MobileIron VSP, all MDM functionality will cease to operate. The MobileIron system can be configured to send you a message when this expiration date is nearing. If the certificate lapses before you are able to install a new one, MDM service will be interrupted.

Question: Will Apple automatically renew my cert? 
Answer: No, but the MobileIron VSP can be configured to warn you of this impending expiration date as it nears.

Question: Are there any requirements I should be aware of when renewing this certificate? 
Answer: Yes. If you renew your MDM certificate without the same certificate topic as your previous certificate, you will not be able to maintain your VSP’s existing iOS registrations and will need to re-register them following the addition of the new certificate. Please check with MobileIron Support documentation for guidance on how to renew your MDM certificate properly.
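
The expiry and same-topic requirements above can be checked with `openssl` before a renewed certificate is uploaded. The script below is an added example, not MobileIron or Apple tooling. It assumes the certificate topic is the UID attribute of the certificate Subject; the function names, the 30-day threshold and the self-signed sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before swapping in a renewed MDM push certificate.
# Assumption: the topic is the UID attribute of the certificate Subject.

# Print the topic (Subject UID) of a PEM certificate.
cert_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Succeed if the certificate in $1 expires within $2 days.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Compare the current ($1) and renewed ($2) certificates. Returns 0 only if
# the renewed one keeps the topic and is not itself about to expire.
check_renewal() {
    old_topic=$(cert_topic "$1")
    new_topic=$(cert_topic "$2")
    if [ -z "$old_topic" ] || [ -z "$new_topic" ]; then
        echo "ERROR: no topic (Subject UID) found"; return 2
    fi
    if [ "$old_topic" != "$new_topic" ]; then
        echo "MISMATCH: $old_topic -> $new_topic (devices would need re-registration)"
        return 1
    fi
    if expires_within_days "$2" 30; then   # 30 days is an assumed threshold
        echo "STALE: renewed certificate expires within 30 days"; return 1
    fi
    echo "OK: topic $new_topic preserved"
}

# Constructed sample (self-signed, not Apple-issued): <out.pem> <topic> <days>
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$3" -subj "/UID=$2/CN=APSP:constructed-sample" 2>/dev/null
}

# Dry run on constructed certificates whose topics differ.
tmp=$(mktemp -d)
make_sample_cert "$tmp/current.pem" com.apple.mgmt.Constructed.1111 20
make_sample_cert "$tmp/renewed.pem" com.apple.mgmt.Constructed.2222 365
check_renewal "$tmp/current.pem" "$tmp/renewed.pem"   # reports a mismatch
rm -rf "$tmp"
```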

Question: Can I request that Apple simply bill my credit card for subsequent years? 
Answer: No. You will need to make sure you keep your iOS Developer Enterprise Program membership current.