Windows 8.1 MDM enrollment

Question
-
Hi,
Is it compulsory to have authType for Windows 8.1 MDM client to be federated?
Is there any way I can provide Security Token in Authtype as inpremise?
Thanks
Keshav
Monday, January 6, 2014 6:24 PM
All replies
-
Hello Keshav,
Thank you for your inquiry about the MDM protocol. One of the Open Specifications team members will contact you shortly.
Regards,
Sreekanth Nadendla
Microsoft Windows Open specifications
Monday, January 6, 2014 8:55 PM -
Hi Keshav,
I am looking into this and will follow up.
Thanks,
Edgar
Monday, January 6, 2014 10:38 PM -
Yes, the specification states the AuthPolicy must be set to “federated”, as expected by the current Windows 8.1 MDM client.
MS-MDE
3.1.4.1.3.2 DiscoveryResponse
AuthPolicy: The value of <AuthPolicy> MUST be the string "federated".
Thanks,
Edgar
- Marked as answer by GUPTAK Thursday, January 9, 2014 12:46 PM
Tuesday, January 7, 2014 10:45 PM -
Thanks Edgar.
We have existing support for Windows Phone 8 and it only has InPremise AuthPolicy. Now to support Windows 8.1 we will have to implement federated as well.
Thanks for the efforts.
Keshav
Thursday, January 9, 2014 12:46 PM -
Hi Edgar,
I have a basic question regarding Federated Authentication.
Suppose some organization has not set up Federated Authentication. I would like to implement my solution in such a way that username/password authentication is sufficient for them.
Can I somehow achieve the authentication part in such a way that it is not dependent on any of the STS modules?
Thanks
Keshav
Saturday, February 1, 2014 11:08 PM -
Hi Keshav,
Thank you for your question. A colleague will contact you to research the issue.
Regards,
Mark Miller | Escalation Engineer | Microsoft Open Protocols Team
Sunday, February 2, 2014 12:05 AM -
Keshav,
The security token received from the STS is used in subsequent steps when interacting with the enrollment service endpoints; see MS-MDE 1.3 Overview, and 3.2, 3.3, 3.4.
MS-MDE
1.3 Overview
http://msdn.microsoft.com/en-us/library/dn410708.aspx
3.1.4.1.3.2 DiscoveryResponse
http://msdn.microsoft.com/en-us/library/dn392394.aspx
3.2 Interaction with Security Token Service (STS)
3.3 Interaction with X.509 Certificate Enrollment Policy
3.4 Interaction with WS-Trust X.509v3 Token Enrollment
Thanks,
Edgar
- Marked as answer by Edgar A Olougouna (Microsoft employee) Wednesday, February 5, 2014 8:27 PM
Wednesday, February 5, 2014 8:27 PM -
I am developing an MDM solution for Windows Phone 8.1. I am stuck at the enrollment process. I have gone through the MS-MDE document, but the steps are not clear to me. I am new to the Windows environment for such enrollment and still learning, so my question would be a little naive. As I could see from the comments below, many have succeeded in the enrollment process. I have posted a question regarding the same but have no answers yet, so I decided to post a comment. Hopefully I will get a response back. Can anyone simplify the enrollment steps for WP8.1?
Tuesday, April 1, 2014 12:52 PM
-
The purpose of this forum is to support the Open Specifications documentation. You can read about the Microsoft Open Specifications program here,
http://www.microsoft.com/openspecifications/en/us/default.aspx
The library of Open Specification documents is located here,
http://msdn.microsoft.com/en-us/library/dd208104.aspx
It doesn’t appear that you are implementing one of the protocols cited. Your question may be more applicable to one of the forums or other resources cited below:
Windows Phone Development forums
http://social.msdn.microsoft.com/Forums/wpapps/en-US/home?category=wpapps
Here’s the protocol document for the phone. This is not under the Open Specs umbrella.
Windows Phone 8 Enterprise Device Management Protocol
http://www.microsoft.com/en-us/download/details.aspx?id=36831
Microsoft’s solution for server side of phone device management:
Managing Windows Phone 8 with Windows Intune
http://www.microsoft.com/en-us/download/details.aspx?id=36174
Enabling Mobile Device Management with Windows Intune
http://technet.microsoft.com/en-us/library/jj733654.aspx
Windows Intune Forums
http://social.technet.microsoft.com/Forums/windows/en-US/home?category=windowsintune
Bryan S. Burgin
Senior Escalation Engineer
Microsoft Protocol Open Specifications Team
- Proposed as answer by Bryan S. Burgin (Microsoft employee) Tuesday, April 1, 2014 5:07 PM
Tuesday, April 1, 2014 5:07 PM