Windows 8.1 MDM enrollment

  • Question

  • Hi,

    Is it compulsory to have authType for the Windows 8.1 MDM client to be federated?

    Is there any way I can provide Security Token in Authtype as inpremise?

    Thanks

    Keshav

    Monday, January 6, 2014 6:24 PM

All replies

  • Hello Keshav,
    Thank you for your inquiry about the MDM protocol. One of the Open Specifications team members will contact you shortly.

     
    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open specifications

    Monday, January 6, 2014 8:55 PM
  • Hi Keshav,

    I am looking into this and will follow up.

    Thanks,

    Edgar

    Monday, January 6, 2014 10:38 PM
  • Yes, the specification states the AuthPolicy must be set to “federated”, as expected by the current Windows 8.1 MDM client.

    MS-MDE

    3.1.4.1.3.2   DiscoveryResponse

    AuthPolicy: The value of <AuthPolicy> MUST be the string "federated".

    Thanks,

    Edgar

    • Marked as answer by GUPTAK Thursday, January 9, 2014 12:46 PM
    Tuesday, January 7, 2014 10:45 PM
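
Added example, not part of the thread and not Microsoft's code: a server-side self-check that a discovery response carries exactly the AuthPolicy string the answer above quotes from MS-MDE 3.1.4.1.3.2. The function names, the wrapper element names and the `urn:example:enrollment` namespace in the sample are placeholders constructed for illustration; only `AuthPolicy` and `federated` come from the thread.

```python
import xml.etree.ElementTree as ET

REQUIRED = "federated"  # exact string quoted from MS-MDE 3.1.4.1.3.2 in the answer above

def check_auth_policy(xml_text):
    """Return (ok, reason) for a discovery response body. Hypothetical helper."""
    # Refuse DTDs before parsing so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in xml_text:
        return False, "doctype-not-allowed"
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False, "not-well-formed"
    # Match on local name so the check does not depend on the namespace prefix in use.
    values = [el.text or "" for el in root.iter()
              if el.tag.rsplit("}", 1)[-1] == "AuthPolicy"]
    if not values:
        return False, "missing"
    if len(values) > 1:
        return False, "duplicate"
    if values[0] == REQUIRED:
        return True, "ok"
    # "Federated" or " federated " is not the string the spec requires.
    if values[0].strip().lower() == REQUIRED:
        return False, "case-or-whitespace"
    return False, "unexpected-value"

def sample_response(inner):
    """Constructed envelope; wrapper element names and namespace are placeholders."""
    return ('<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>'
            '<DiscoverResponse xmlns="urn:example:enrollment"><DiscoverResult>'
            + inner +
            '</DiscoverResult></DiscoverResponse></s:Body></s:Envelope>')

if __name__ == "__main__":
    for inner in ("<AuthPolicy>federated</AuthPolicy>",
                  "<AuthPolicy>Federated</AuthPolicy>",
                  "<AuthPolicy>InPremise</AuthPolicy>",  # spelling used in this thread
                  ""):
        print(repr(inner), check_auth_policy(sample_response(inner)))
```
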
  • Thanks Edgar.

    We have existing support for Windows Phone 8 and it only has InPremise AuthPolicy. Now to support Windows 8.1 we will have to implement federated as well.

    Thanks for the efforts.

    Keshav

    Thursday, January 9, 2014 12:46 PM
  • Hi Edgar,

    I have a basic question regarding Federated Authentication.

    Suppose some organization has not set up Federated Authentication. I would like to implement my solution in such a way that Username password authentication is sufficient for them.

    Can I somehow achieve the authentication part in such a way that it is not dependent on any of the STS module?

    Thanks

    Keshav

    Saturday, February 1, 2014 11:08 PM
  • Hi Keshav,

    Thank you for your question.  A colleague will contact you to research the issue.

    Regards,

    Mark Miller | Escalation Engineer | Microsoft Open Protocols Team

    Sunday, February 2, 2014 12:05 AM
  • Keshav,

    The security token received from the STS is used in subsequent steps when interacting with the enrollment service endpoints; see MS-MDE 1.3 Overview, and 3.2, 3.3, 3.4.

    MS-MDE

    1.3 Overview

    http://msdn.microsoft.com/en-us/library/dn410708.aspx

    3.1.4.1.3.2   DiscoveryResponse

    http://msdn.microsoft.com/en-us/library/dn392394.aspx

    3.2 Interaction with Security Token Service (STS)

    3.3 Interaction with X.509 Certificate Enrollment Policy

    3.4 Interaction with WS-Trust X.509v3 Token Enrollment

    Thanks,

    Edgar
    Wednesday, February 5, 2014 8:27 PM
  • I am developing an MDM solution for Windows Phone 8.1. I am stuck at the enrollment process. I have gone through the MS-MDE document but the steps are not clear to me. I am new to the Windows environment for such enrollment and still learning, so my question may be a little naive. As I could see from the comments below, many have succeeded in the enrollment process. I have posted a question regarding the same but have no answers yet, so I decided to post a comment. Hopefully I will get a response back. Can anyone simplify the enrollment steps for WP8.1?
    Tuesday, April 1, 2014 12:52 PM
  • The purpose of this forum is to support the Open Specifications documentation. You can read about the Microsoft Open Specifications program here,

    http://www.microsoft.com/openspecifications/en/us/default.aspx

    The library of Open Specification documents is located here,

    http://msdn.microsoft.com/en-us/library/dd208104.aspx

    It doesn’t appear that you are implementing one of the protocols cited. Your question may be more applicable to one of the forums or other resources cited below:

    Windows Phone Development forums
    http://social.msdn.microsoft.com/Forums/wpapps/en-US/home?category=wpapps

    Here’s the protocol document for the phone. This is not under the Open Specs umbrella.

    Windows Phone 8 Enterprise Device Management Protocol
    http://www.microsoft.com/en-us/download/details.aspx?id=36831

    Microsoft’s solution for server side of phone device management:

    Managing Windows Phone 8 with Windows Intune
    http://www.microsoft.com/en-us/download/details.aspx?id=36174

    Enabling Mobile Device Management with Windows Intune
    http://technet.microsoft.com/en-us/library/jj733654.aspx

    Windows Intune Forums
    http://social.technet.microsoft.com/Forums/windows/en-US/home?category=windowsintune


    Bryan S. Burgin Senior Escalation Engineer Microsoft Protocol Open Specifications Team

    Tuesday, April 1, 2014 5:07 PM