3.1 IDiscoveryService Server Details
Figure 4: MDE device enrollment: resolving the DS and discovering the ES
The IDiscoveryService DS in MDE hosts an endpoint to receive messages from the enrollment client. When a Discover request message (section 188.8.131.52.1.1) is received from the client, the server processes the request and returns a DiscoverResponse message (section 184.108.40.206.1.2) to the client. The response identifies the endpoints to be used by the client to obtain the security tokens and enroll via the ES. After the response message is sent to the client, the server returns to the waiting state.
The following diagram shows the role of the server in resolving the Discovery Service (DS) for the enrollment client:
Figure 5: Role of server in resolving the DS
As a prerequisite for enabling the enrollment client to discover the Discovery Service (DS), the administrator MUST configure DNS such that the name "EnterpriseEnrollment.[User's Domain]" resolves to the Discovery Service (DS). The enrollment client extracts the domain suffix from the email address of the enrolling user and prepends the host name "EnterpriseEnrollment" to it to construct the address for the DS. For example, if the email address for the user is "firstname.lastname@contoso.com", the enrollment client extracts the domain suffix "contoso.com" and prepends "EnterpriseEnrollment" to it to construct the DS address "EnterpriseEnrollment.contoso.com".
In the example, the full URL sent by the client to the DS is "https://EnterpriseEnrollment.contoso.com/EnrollmentServer/Discovery.svc".
The path portion of the URL "/EnrollmentServer/Discovery.svc" is always constant.
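The address construction described above, together with a check that an observed Discovery URL is the one expected for a given user, as an added example that is not part of the specification. The function names are hypothetical, and the single-"@" rule, DNS label syntax check and port 443 restriction are assumptions beyond what the text states.

```python
import re
from urllib.parse import urlsplit

DS_LABEL = "EnterpriseEnrollment"            # host name prepended to the domain suffix
DS_PATH = "/EnrollmentServer/Discovery.svc"  # constant path portion of the URL
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen (assumed rule).
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def domain_suffix(email: str) -> str:
    """Return the lower-cased domain suffix of the enrolling user's email address."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or "@" in local:
        raise ValueError(f"not a single-@ email address: {email!r}")
    domain = domain.rstrip(".").lower()
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"invalid domain suffix: {domain!r}")
    return domain


def discovery_url(email: str) -> str:
    """Build the DS URL the enrollment client constructs for this user."""
    return f"https://{DS_LABEL}.{domain_suffix(email)}{DS_PATH}"


def is_expected_discovery_url(url: str, email: str) -> bool:
    """True only if url is the HTTPS DS endpoint derived from email."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
        expected_host = f"{DS_LABEL}.{domain_suffix(email)}".lower()
    except ValueError:
        return False
    return (
        parts.scheme == "https"
        and parts.hostname == expected_host   # exact host, not a prefix match
        and port in (None, 443)
        and parts.username is None            # no userinfo before the host
        and parts.path == DS_PATH
        and not parts.query
        and not parts.fragment
    )
```

The exact host comparison is what rejects lookalike names that merely begin with "EnterpriseEnrollment.contoso.com".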