1.3 Overview
The Mobile Device Management Protocol (MDM) is a client/server protocol that is used to manage mobile devices that have previously been enrolled into a management service by using the Mobile Device Enrollment Protocol (MDE) [MS-MDE2].
MDM supports the following capabilities:
Client and resource configurations
Company policy management
Enterprise application management
Certificate management
Basic inventory and asset management
In this document, the endpoint that initiates the HTTP connection and sends HTTP request messages is referred to as the client. The entity that responds to the HTTP connection request and sends HTTP response messages is referred to as the server.
A device management (DM) session consists of a series of commands exchanged between a DM server and a client. The server sends commands indicating operations to be performed on the client's management tree. The client responds by sending commands that contain the results and any requested status information.
An example of a short DM session would be the following:
A server sends a Get command to a client to retrieve the contents of one of the nodes of the management tree. The client performs the operation and responds with a Status command carrying the outcome and, on success, a Results command that contains the requested contents.
A DM session can be divided into two phases:
Setup phase: In response to a trigger event, a client sends an initiating message to a DM server. The client and server exchange the needed authentication and client information. This phase is represented by steps 1, 2, and 3 in the following table.
Management phase: The DM server is in control. It sends management commands to the client, and the client responds. This phase ends when the DM server stops sending commands and terminates the session. It is represented by steps 3, 4, and 5 in the following table; step 3 belongs to both phases because the server's first response both completes the setup and can carry the first management commands.
Step 1
Action: The client task schedule invokes the device management client.
Description: At the scheduled time, the client is invoked to call back to the enterprise management server over HTTPS; this repeats on the schedule.
Step 2
Action: The client sends a message, over an IP connection, to initiate the session.
Description: This message includes client information and credentials. The client and server perform certificate-based authentication over a TLS (SSL) channel; the client authenticates with the certificate it was issued during enrollment [MS-MDE2].
Step 3
Action: The server responds, over an IP connection (HTTPS).
Description: The server sends initial device management commands, if any.
Step 4
Action: The client responds to the server's management commands.
Description: This message includes the results of performing the specified device management operations.
Step 5
Action: The server terminates the session or sends another command.
Description: The session ends, or step 4 is repeated.
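The Get/Results round trip described above, and steps 3 and 4 of the table, as they look at the message level. This is an added example, not text or code from [MS-MDM]: it assumes the OMA DM 1.2 SyncML message syntax that MDM messages use, and the device ID, server URL, node URIs and the client reply below (including one deliberately stray Results entry) are constructed sample data. The server-side parser accepts a Results element only when its MsgRef and CmdRef point back to a Get that this server actually issued, which is the correlation check to insist on before trusting data returned by a device.

```python
"""Message-level view of one MDM round trip: the server issues Get
commands, the client answers with Status and Results.

Added example, not code from [MS-MDM]. It assumes the OMA DM 1.2 SyncML
syntax that MDM messages use; the device ID, server URL, node URIs and
the client reply below are constructed sample data.
"""
import xml.etree.ElementTree as ET

NS = "SYNCML:SYNCML1.2"

# Constructed sample identifiers (not a real device or endpoint).
DEVICE_ID = "device-0001"
SERVER_URI = "https://mdm.example.test/ManagementServer"
NODE_URIS = ["./DevInfo/DevId", "./Vendor/MSFT/Nonexistent"]


def q(tag):
    """Namespace-qualify a SyncML tag for ElementTree lookups."""
    return "{%s}%s" % (NS, tag)


def build_get(session_id, msg_id, device_id, server_uri, node_uris):
    """Server side (table step 3): one <Get> per management-tree node, each
    with its own CmdID, then <Final/>. Returns the serialized message and a
    {CmdID: node URI} map the server keeps to correlate the client's reply."""
    root = ET.Element("SyncML", xmlns=NS)
    hdr = ET.SubElement(root, "SyncHdr")
    for tag, text in (("VerDTD", "1.2"), ("VerProto", "DM/1.2"),
                      ("SessionID", str(session_id)), ("MsgID", str(msg_id))):
        ET.SubElement(hdr, tag).text = text
    ET.SubElement(ET.SubElement(hdr, "Target"), "LocURI").text = device_id
    ET.SubElement(ET.SubElement(hdr, "Source"), "LocURI").text = server_uri
    body = ET.SubElement(root, "SyncBody")
    issued = {}
    for cmd_id, uri in enumerate(node_uris, start=1):
        get = ET.SubElement(body, "Get")
        ET.SubElement(get, "CmdID").text = str(cmd_id)
        item = ET.SubElement(get, "Item")
        ET.SubElement(ET.SubElement(item, "Target"), "LocURI").text = uri
        issued[cmd_id] = uri
    ET.SubElement(body, "Final")
    return ET.tostring(root), issued


# Constructed client reply (table step 4) to the two Gets above: the first
# node is returned, the second does not exist (404), and a stray Results
# element references a CmdRef the server never issued.
CLIENT_REPLY = f"""<SyncML xmlns="{NS}">
<SyncHdr><VerDTD>1.2</VerDTD><VerProto>DM/1.2</VerProto>
<SessionID>1</SessionID><MsgID>1</MsgID>
<Target><LocURI>{SERVER_URI}</LocURI></Target>
<Source><LocURI>{DEVICE_ID}</LocURI></Source></SyncHdr>
<SyncBody>
<Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status>
<Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>1</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status>
<Results><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>1</CmdRef>
<Item><Source><LocURI>./DevInfo/DevId</LocURI></Source><Data>{DEVICE_ID}</Data></Item></Results>
<Status><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Get</Cmd><Data>404</Data></Status>
<Results><CmdID>5</CmdID><MsgRef>1</MsgRef><CmdRef>9</CmdRef>
<Item><Source><LocURI>./Vendor/MSFT/Unrequested</LocURI></Source><Data>stray</Data></Item></Results>
<Final/>
</SyncBody></SyncML>"""


def parse_reply(xml_text, expected_msg_id, issued):
    """Server side: walk the client's SyncBody. Record the Status code of each
    command and accept a Results only if its MsgRef/CmdRef point at a Get this
    server issued and the returned Source URI matches the requested node.
    Returns (results, statuses, problems). Device messages are untrusted
    input: a production server should parse them with entity expansion
    disabled (for example via defusedxml) rather than plain ElementTree."""
    root = ET.fromstring(xml_text)
    body = root.find(q("SyncBody"))
    if body is None:
        raise ValueError("reply has no SyncBody")
    results, statuses, problems = {}, {}, []
    for cmd in body:
        name = cmd.tag.rsplit("}", 1)[-1]
        if name not in ("Status", "Results"):
            continue
        cmd_id = cmd.findtext(q("CmdID"))
        msg_ref = cmd.findtext(q("MsgRef"))
        cmd_ref = int(cmd.findtext(q("CmdRef"), default="-1"))
        if msg_ref != str(expected_msg_id):
            problems.append(f"{name} CmdID {cmd_id} refers to MsgRef {msg_ref}, expected {expected_msg_id}")
            continue
        if name == "Status":
            statuses[(cmd.findtext(q("Cmd")), cmd_ref)] = int(cmd.findtext(q("Data")))
            continue
        if cmd_ref not in issued:
            problems.append(f"Results CmdID {cmd_id} refers to CmdRef {cmd_ref}, which this server never issued")
            continue
        item = cmd.find(q("Item"))
        source = item.findtext(q("Source") + "/" + q("LocURI")) if item is not None else None
        if source != issued[cmd_ref]:
            problems.append(f"Results CmdID {cmd_id} returned {source!r} for a Get on {issued[cmd_ref]!r}")
            continue
        results[source] = item.findtext(q("Data"))
    return results, statuses, problems


def run_example():
    """Issue the two Gets, then process the constructed client reply."""
    _message, issued = build_get(1, 1, DEVICE_ID, SERVER_URI, NODE_URIS)
    return parse_reply(CLIENT_REPLY, 1, issued)


if __name__ == "__main__":
    results, statuses, problems = run_example()
    print("results:", results)      # {'./DevInfo/DevId': 'device-0001'}
    print("statuses:", statuses)    # SyncHdr and Get 1 -> 200, Get 2 -> 404
    print("problems:", problems)    # the stray Results with CmdRef 9 is rejected
```

Each command the server issues carries a CmdID, and the client's Status and Results elements name the originating message and command through MsgRef and CmdRef. Keeping the issued map per session and matching against it is what lets the server tell a legitimate answer from a stale, misrouted, or fabricated one; the 404 Status for the missing node shows why a command's outcome must be read from Status rather than inferred from the presence or absence of Results.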