From 57d30b610ac95b7438ab42942d7665e0e35ed8a7 Mon Sep 17 00:00:00 2001 From: Lucas Manuel Rodriguez Date: Mon, 5 Dec 2022 15:25:31 -0300 Subject: [PATCH] Add dep profile to mdm glossary (#8929) --- tools/mdm/apple/glossary-and-protocols.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/tools/mdm/apple/glossary-and-protocols.md b/tools/mdm/apple/glossary-and-protocols.md index b572899df3..791498bcd7 100644 --- a/tools/mdm/apple/glossary-and-protocols.md +++ b/tools/mdm/apple/glossary-and-protocols.md @@ -69,18 +69,25 @@ Resources: An enrollment profile is a [profile](#profile) that contains special directives to enroll a device to an MDM server. -For [DEP enrollment](#dep-device-enrollment-program) this profile is -automatically sent an installed into the device. - For [manual enrollment](#manual-enrollment) the profile needs to be downloaded and installed by the user. +For [DEP enrollment](#dep-device-enrollment-program) the enrollment profile is downloaded from the MDM server specified in the DEP JSON profile (see below), fields `url` and `configuration_web_url`. + +### DEP profile + +This (JSON) profile is used to configure a device in Apple Business Manager. +It contains all the necessary information that a device needs to automatically enroll to an MDM server during device setup. + +Sample: [dep_sample_profile.json](https://github.com/fleetdm/nanodep/blob/main/docs/dep-profile.example.json). +See all fields [here](https://developer.apple.com/documentation/devicemanagement/profile). + ### Commands After a device is enrolled, an MDM server can send commands to be executed in the device (e.g: install an application, shut down the device, etc.) -The server first sends a [push +The server first sends a (optional) [push notification](#apons-apple-push-notification-service), then the device polls the server for the command, processes the command, and reports the command results to the server. 
@@ -156,7 +163,7 @@ It's composed by three different messages sent by the device to the server. **Authenticate** -When the MDM payload is being installed, the device tries to stablish a +When the MDM payload is being installed, the device tries to establish a connection with the server. This is when the [SCEP](#scep-simple-certificate-enrollment-protocol) exchange takes place.
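Review bot: In the first hunk (`@@ -69,18 +69,25 @@`), the new DEP enrollment sentence names the fields `url` and `configuration_web_url` together without saying what each one is for, so a reader cannot tell which of the two the device actually fetches the enrollment profile from. Suggest a short clause per field. Also replace "(see below)" with a link to the new heading, e.g. `[DEP profile](#dep-profile)`, to match the other cross-references in this section. Two smaller points in the same hunk: "a (optional) [push" should read "an optional [push", and the sample link label `dep_sample_profile.json` does not match the linked file name `dep-profile.example.json`. That link also points at `main`, so it will break silently if the file is moved.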
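Review bot: In the second hunk (`@@ -156,7 +163,7 @@`), the "stablish" to "establish" fix is fine, but the context shown in the hunk header, "It's composed by three different messages sent by the device to the server.", has a similar slip a few lines up and could be corrected to "composed of" in the same pass. The commit subject only mentions adding the DEP profile entry, so it would help to mention the wording fixes there too, or to split them out.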