This payload, when installed, will attempt to enroll the device into an MDM server.
Identity Certificate UUID
UUID of the certificate payload for the device’s identity. It may also point to a SCEP payload.
The topic that MDM will listen to for Push notifications. The certificate that the server uses to send push notifications must have the same topic in its subject.
The URL that the device will contact to retrieve device management instructions.
Must begin with the https:// URL scheme, and may contain a port number (:1234, for example).
Optional. An array of strings indicating server capabilities. If the server manages OS X devices or a shared iPad, this field is mandatory and must contain the value com.apple.mdm.per-user-connections. This indicates that the server supports both device and user connections.
If set, each message coming from the device will carry the additional HTTP header Mdm-Signature
Check In URL
The URL that the device will use to check in during installation. If this URL is not given, the ServerURL will be used for both purposes.
Check Out when removed
If true, the device attempts to send a CheckOut message to the check-in server when the profile is removed. Defaults to false. Note: OS X v10.8 acts as though this setting is always true.
Logical OR of several bit-flags. If 2 is specified, then 1 must also be specified. If 128 is specified, then 64 must also be specified.
MDM Access Rights can be constructed from a bitmask by ORing the following values:
- 1: Allow inspection of installed configuration profiles.
- 2: Allow installation and removal of configuration profiles.
- 4: Allow device lock and passcode removal.
- 8: Allow device erase.
- 16: Allow query of Device Information (device capacity, serial number).
- 32: Allow query of Network Information (phone/SIM numbers, MAC addresses).
- 64: Allow inspection of installed provisioning profiles.
- 128: Allow installation and removal of provisioning profiles.
- 256: Allow inspection of installed applications.
- 512: Allow restriction-related queries.
- 1024: Allow security-related queries.
- 2048: Allow manipulation of settings. Availability: Available in iOS 5.0 and later. Available in OS X 10.9 for certain commands.
- 4096: Allow app management. Availability: Available in iOS 5.0 and later. Available in OS X 10.9 for certain commands.
- May not be zero. If 2 is specified, 1 must also be specified. If 128 is specified, 64 must also be specified.