TokenUpdate for User scope is not sent for macOS DEP enrollment

Hi,


We started to adopt our MDM application for macOS DEP management. For non-DEP enrollment, macOS works as expected. But for the DEP one, we receive only one TokenUpdate message, for the device scope. Our test macOS device is part of DEP, because we tested it on the MDM systems of other vendors and the device was successfully enrolled.


The structure of our Configuration payload is as follows (some values are replaced with placeholders):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>EncryptedPayloadContent</key>
    <data>{encrypted_array_of_payloads}</data>
    <key>PayloadOrganization</key>
    <string>Matrix42</string>
    <key>PayloadDescription</key>
    <string>Silverback by Matrix42 MDM profile.</string>
    <key>PayloadRemovalDisallowed</key>
    <false />
    <key>PayloadDisplayName</key>
    <string>Silverback by Matrix42 EMM</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadUUID</key>
    <string>{GUID}</string>
    <key>PayloadIdentifier</key>
    <string>{identifier}</string>
    <key>PayloadType</key>
    <string>Configuration</string>
  </dict>
</plist>


And EncryptedPayloadContent contains the following payload:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <array>
    <dict>
      <key>PayloadCertificateFileName</key>
      <string>{file_name.p12}</string>
      <key>Password</key>
      <string>{password}</string>
      <key>PayloadContent</key>
      <data>{RAW_CERT_DATA}</data>
      <key>PayloadOrganization</key>
      <string>Matrix42</string>
      <key>PayloadDescription</key>
      <string>Silverback by Matrix42 MDM Certificate.</string>
      <key>PayloadRemovalDisallowed</key>
      <false />
      <key>PayloadDisplayName</key>
      <string>{u_username}</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>PayloadUUID</key>
      <string>{GUID}</string>
      <key>PayloadIdentifier</key>
      <string>{Identifier}</string>
      <key>PayloadType</key>
      <string>com.apple.security.pkcs12</string>
    </dict>
    <dict>
      <key>AccessRights</key>
      <integer>8191</integer>
      <key>CheckInURL</key>
      <string>https://{server}/checkin</string>
      <key>IdentityCertificateUUID</key>
      <string>{GUID}</string>
      <key>ServerURL</key>
      <string>https://{server}/mdm</string>
      <key>SignMessage</key>
      <false />
      <key>Topic</key>
      <string>com.apple.mgmt.External.{GUID}</string>
      <key>UseDevelopmentAPNS</key>
      <false />
      <key>CheckOutWhenRemoved</key>
      <true />
      <key>ServerCapabilities</key>
      <array>
        <string>com.apple.mdm.per-user-connections</string>
      </array>
      <key>PayloadOrganization</key>
      <string>Matrix42</string>
      <key>PayloadDescription</key>
      <string>Configures Silverback by Matrix42 Device Management.</string>
      <key>PayloadRemovalDisallowed</key>
      <false />
      <key>PayloadVersion</key>
      <integer>0</integer>
      <key>PayloadUUID</key>
      <string>{GUID}</string>
      <key>PayloadIdentifier</key>
      <string>{Identifier}</string>
      <key>PayloadType</key>
      <string>com.apple.mdm</string>
    </dict>
  </array>
</plist>


We also experimented with the following keys in different combinations and payloads, but we still receive only one TokenUpdate, so we can't send payloads for the User scope.


<key>UserConfiguration</key>
<true />
<key>NeedsSyncResponse</key>
<true />


For authorization we are using Active Directory, and after that a user with the same credentials is created on the device.


The documentation for the Mobile Device Management Protocol Reference and the Configuration Profile Reference is not so helpful in this case.

Is there a more complete guide somewhere, or some hints, for developing the server part of an MDM for macOS DEP?
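A server-side check that matches the symptom above, as an added example in Python (not code from the original post or from Silverback): parse each check-in TokenUpdate, tell the device-channel message from a user-channel one by the UserID/UserShortName/UserLongName keys that only the user-channel TokenUpdate carries, and file each channel's token and PushMagic separately so the server can see whether any user channel ever checked in for a UDID. The two sample bodies and every UDID, Token, Topic GUID and PushMagic value are constructed placeholders.

```python
import plistlib
from typing import Dict, List, Optional, Tuple

# Constructed sample check-in bodies (not from the original post); UDID, Token,
# Topic GUID and PushMagic values are placeholders, not real device values.
DEVICE_TOKEN_UPDATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>MessageType</key><string>TokenUpdate</string>
<key>Topic</key><string>com.apple.mgmt.External.00000000-0000-0000-0000-000000000000</string>
<key>UDID</key><string>DEVICE-UDID-PLACEHOLDER</string>
<key>Token</key><data>ZGV2aWNlLXRva2VuLXBsYWNlaG9sZGVy</data>
<key>PushMagic</key><string>DEVICE-PUSHMAGIC-PLACEHOLDER</string>
</dict></plist>"""

USER_TOKEN_UPDATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>MessageType</key><string>TokenUpdate</string>
<key>Topic</key><string>com.apple.mgmt.External.00000000-0000-0000-0000-000000000000</string>
<key>UDID</key><string>DEVICE-UDID-PLACEHOLDER</string>
<key>UserID</key><string>USER-GUID-PLACEHOLDER</string>
<key>UserShortName</key><string>jdoe</string>
<key>UserLongName</key><string>Jane Doe</string>
<key>Token</key><data>dXNlci10b2tlbi1wbGFjZWhvbGRlcg==</data>
<key>PushMagic</key><string>USER-PUSHMAGIC-PLACEHOLDER</string>
</dict></plist>"""

# Store key: (UDID, UserID); UserID is None for the device channel.
TokenKey = Tuple[str, Optional[str]]

def token_update_scope(msg: dict) -> str:
    """A user-channel TokenUpdate carries UserID (and UserShortName/UserLongName)."""
    return "user" if "UserID" in msg else "device"

def record_token(store: Dict[TokenKey, dict], body: bytes) -> TokenKey:
    """Parse one check-in body and file its push token under the right channel."""
    msg = plistlib.loads(body)
    if msg.get("MessageType") != "TokenUpdate":
        raise ValueError("not a TokenUpdate message")
    key = (msg["UDID"], msg.get("UserID"))
    store[key] = {
        "scope": token_update_scope(msg),
        "token": msg["Token"].hex(),  # plistlib decodes <data> to bytes
        "push_magic": msg["PushMagic"],  # each channel is woken with its own PushMagic
        "short_name": msg.get("UserShortName"),
    }
    return key

def user_channels(store: Dict[TokenKey, dict], udid: str) -> List[str]:
    """UserIDs seen for this device; empty reproduces the post's symptom."""
    return [uid for (dev, uid) in store if dev == udid and uid is not None]
```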