ADE Profile MDM Certificate vs. MDM Trust Chain
How
In 16.2 we are changing how DEP/ADE profiles handle certificates.
The root cause of DEP profile duplication is that we add the MDM server certificate to the ADE profile. This is the most secure option (the device checks that the MDM server presents the same certificate as the one in the ADE profile), but it requires us to recreate the profiles whenever the certificate is renewed.
In 16.2, a new setting adds only the trust chain (the parent certificates) to the profile. Enrolment still works, but the device no longer verifies that the server is presenting that exact certificate: the certificate must still be valid, but the device won't check that it is the same one. This is slightly less secure but still secure (unless someone has a way to create their own certificate with your FQDN). In exchange, we no longer need to recreate ADE profiles each time we renew certificates.
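The trade-off between the two modes can be modelled with `openssl`. This is an added example, not the product's own code: a fingerprint comparison stands in for the server-certificate check and `openssl verify` for the trust-chain check, and the FQDN, CA name and file names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added illustration; the FQDN, CA name and file names are constructed placeholders.
set -eu
WORK=$(mktemp -d)
FQDN="mdm.example.test"

# Demo parent CA: stands in for the trust chain stored in the ADE profile.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Parent CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Issue a server certificate for $FQDN from the demo CA. $1 = output name.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$FQDN" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/$1.pem" 2>/dev/null
}

# Self-signed certificate carrying the same FQDN, not issued by the demo CA.
issue_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$FQDN" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# Server certificate in profile: presented cert must be the same certificate.
check_pinned() { [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]; }

# Trust chain only in profile: presented cert must validate against the parent.
check_chain() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

result() { if "$@"; then echo pass; else echo fail; fi; }

# Prints one line per presented certificate: name, pinned result, chain result.
compare() {
  for name in original renewed selfsigned; do
    echo "$name pinned=$(result check_pinned "$WORK/original.pem" "$WORK/$name.pem")" \
         "chain=$(result check_chain "$WORK/ca.pem" "$WORK/$name.pem")"
  done
}

make_ca; issue_leaf original; issue_leaf renewed; issue_selfsigned selfsigned
compare
```

The renewed certificate fails the pinned check but passes the chain check, which is why the profile no longer has to be recreated on renewal. The self-signed certificate with the same FQDN fails both, while any certificate the parent CA issues for that name would pass the chain check.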