2.2.9.1 XML Provisioning Schema

The entire XML provisioning document is base64-encoded. The document contains:

The enrollment client installs the client certificate, as well as the trusted root certificate and intermediate certificates. The provisioning information includes content such as the location of the Device Management Service (DMS) and various properties that the device management client uses to communicate with the DMS.

The following schemas are examples of the XML required for the provisioning document. The explanation for each field in the document appears inline in the example as XML comments.

The following XML is a provisioning example for Mobile Device Management (MDM) in user context.

 <wap-provisioningdoc version="1.1">
   <characteristic type="CertificateStore">
     <characteristic type="Root">
       <characteristic type="System">
         <characteristic type="031336C933CC7E228B88880D78824FB2909A0A2F">
           <parm name="EncodedCertificate" value="B64 encoded cert insert here" />
         </characteristic>
       </characteristic>
     </characteristic>
   </characteristic>
   <characteristic type="CertificateStore">
     <characteristic type="My" >
       <characteristic type="User">
         <characteristic type="F9A4F20FC50D990FDD0E3DB9AFCBF401818D5462">
           <parm name="EncodedCertificate" value="B64EncodedCertInsertedHere" />
         </characteristic>
         <characteristic type="PrivateKeyContainer"/> 
         <!-- This tag must be present for XML syntax correctness. -->
       </characteristic>
       <characteristic type="WSTEP">
         <characteristic type="Renew">
           <!--If the datatype for ROBOSupport, RenewPeriod, and RetryInterval tags exist, they must be set explicitly. -->
           <parm name="ROBOSupport" value="true" datatype="boolean"/>
           <parm name="RenewPeriod" value="60" datatype="integer"/>
           <parm name="RetryInterval" value="4" datatype="integer"/>
         </characteristic>
       </characteristic>
     </characteristic>
   </characteristic>
   <characteristic type="APPLICATION">
     <parm name="APPID" value="w7"/>
     <parm name="PROVIDER-ID" value="TestMDMServer"/>
     <parm name="NAME" value="Microsoft"/>
     <parm name="ADDR" value="https://DM.contoso.com:443/omadm/Windows.ashx"/>
     <parm name="CONNRETRYFREQ" value="6" />
     <parm name="INITIALBACKOFFTIME" value="30000" />
     <parm name="MAXBACKOFFTIME" value="120000" />
     <parm name="BACKCOMPATRETRYDISABLED" />
     <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml" />
     <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=DC%3dcom%2cDC%3dmicrosoft%2cCN%3dUsers%2cCN%3dAdministrator&amp;Stores=My%5CUser"/>
     <characteristic type="APPAUTH">
       <parm name="AAUTHLEVEL" value="CLIENT"/>
       <parm name="AAUTHTYPE" value="DIGEST"/>
       <parm name="AAUTHSECRET" value="password1"/>
       <parm name="AAUTHDATA" value="B64encodedBinaryNonceInsertedHere"/>
     </characteristic>
     <characteristic type="APPAUTH">
       <parm name="AAUTHLEVEL" value="APPSRV"/>
       <parm name="AAUTHTYPE" value="BASIC"/>
       <parm name="AAUTHNAME" value="testclient"/>
       <parm name="AAUTHSECRET" value="password2"/>
     </characteristic>
   </characteristic>
   <characteristic type="DMClient">
     <!-- When available, an enrollment server should use DMClient CSP XML to configure DM polling schedules. -->
     <characteristic type="Provider">
       <!-- The ProviderID in the DMClient CSP must match the PROVIDER-ID in the w7 APPLICATION characteristic. -->
       <characteristic type="TestMDMServer">
         <parm name="UPN" value="UserPrincipalName@domain.com" datatype="string" />
         <characteristic type="Poll">
           <parm name="NumberOfFirstRetries" value="8" datatype="integer" />
           <parm name="IntervalForFirstSetOfRetries" value="15" datatype="integer" />
           <parm name="NumberOfSecondRetries" value="5" datatype="integer" />
           <parm name="IntervalForSecondSetOfRetries" value="3" datatype="integer" />
           <parm name="NumberOfRemainingScheduledRetries" value="0" datatype="integer" />
           <!-- MDM push can be used where available to support real-time communication. The DM client long-term polling schedule’s retry waiting interval should be more than 24 hours (1440) to reduce the impact to data consumption and battery life. Refer to the DMClient Configuration Service Provider section for information about polling schedule parameters. -->
           <parm name="IntervalForRemainingScheduledRetries" value="1560" datatype="integer" />
           <parm name="PollOnLogin" value="true" datatype="boolean" />
         </characteristic>
         <parm name="EntDeviceName" value="Administrator_Windows" datatype="string" />
       </characteristic>
     </characteristic>
   </characteristic>
   <!-- The EnterpriseAppManagement Configuration Service Provider is being deprecated. A
        replacement will be provided in the future for company hub installation. -->
 </wap-provisioningdoc>

The following XML is a provisioning example for Mobile Device Management (MDM) in device context.

 <wap-provisioningdoc version="1.1">
   <characteristic type="CertificateStore">
     <characteristic type="Root">
       <characteristic type="System">
         <characteristic type="031336C933CC7E228B88880D78824FB2909A0A2F">
           <parm name="EncodedCertificate" value="B64 encoded cert insert here" />
         </characteristic>
       </characteristic>
     </characteristic>
   </characteristic>
   <characteristic type="CertificateStore">
     <characteristic type="My" >
       <characteristic type="System">
         <characteristic type="F9A4F20FC50D990FDD0E3DB9AFCBF401818D5462">
           <parm name="EncodedCertificate" value="B64EncodedCertInsertedHere" />
         </characteristic>
         <characteristic type="PrivateKeyContainer"/> 
         <!-- This tag must be present for XML syntax correctness. -->
       </characteristic>
       <characteristic type="WSTEP">
         <characteristic type="Renew">
           <!-- If the datatype for ROBOSupport, RenewPeriod, and RetryInterval tags exist, they must be set explicitly. -->
           <parm name="ROBOSupport" value="true" datatype="boolean"/>
           <parm name="RenewPeriod" value="60" datatype="integer"/>
           <parm name="RetryInterval" value="4" datatype="integer"/>
         </characteristic>
       </characteristic>
     </characteristic>
   </characteristic>
   <characteristic type="APPLICATION">
     <parm name="APPID" value="w7"/>
     <parm name="PROVIDER-ID" value="TestMDMServer"/>
     <parm name="NAME" value="Microsoft"/>
     <parm name="ADDR" value="https://DM.contoso.com:443/omadm/Windows.ashx"/>
     <parm name="CONNRETRYFREQ" value="6" />
     <parm name="INITIALBACKOFFTIME" value="30000" />
     <parm name="MAXBACKOFFTIME" value="120000" />
     <parm name="BACKCOMPATRETRYDISABLED" />
     <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml" />
     <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=DC%3dcom%2cDC%3dmicrosoft%2cCN%3dUsers%2cCN%3dAdministrator&amp;Stores=My%5CUser"/>
     <characteristic type="APPAUTH">
       <parm name="AAUTHLEVEL" value="CLIENT"/>
       <parm name="AAUTHTYPE" value="DIGEST"/>
       <parm name="AAUTHSECRET" value="password1"/>
       <parm name="AAUTHDATA" value="B64encodedBinaryNonceInsertedHere"/>
     </characteristic>
     <characteristic type="APPAUTH">
       <parm name="AAUTHLEVEL" value="APPSRV"/>
       <parm name="AAUTHTYPE" value="BASIC"/>
       <parm name="AAUTHNAME" value="testclient"/>
       <parm name="AAUTHSECRET" value="password2"/>
     </characteristic>
   </characteristic>
   <characteristic type="DMClient">
     <!-- When available, an enrollment server should use DMClient CSP XML to configure DM polling schedules. -->
     <characteristic type="Provider">
       <!-- The ProviderID in the DMClient CSP must match the PROVIDER-ID in the w7 APPLICATION characteristic. -->
       <characteristic type="TestMDMServer">
         <parm name="UPN" value="UserPrincipalName@domain.com" datatype="string" />
         <characteristic type="Poll">
           <parm name="NumberOfFirstRetries" value="8" datatype="integer" />
           <parm name="IntervalForFirstSetOfRetries" value="15" datatype="integer" />
           <parm name="NumberOfSecondRetries" value="5" datatype="integer" />
           <parm name="IntervalForSecondSetOfRetries" value="3" datatype="integer" />
           <parm name="NumberOfRemainingScheduledRetries" value="0" datatype="integer" />
           <!-- MDM push can be used where available to support real-time communication. The DM client long-term polling schedule’s retry waiting interval should be more than 24 hours (1440) to reduce the impact to data consumption and battery life. Refer to the DMClient Configuration Service Provider section for information about polling schedule parameters. -->
           <parm name="IntervalForRemainingScheduledRetries" value="1560" datatype="integer" />
           <parm name="PollOnLogin" value="true" datatype="boolean" />
         </characteristic>
         <parm name="EntDeviceName" value="Administrator_Windows" datatype="string" />
       </characteristic>
     </characteristic>
   </characteristic>
   <!-- The EnterpriseAppManagement Configuration Service Provider is being deprecated. A
        replacement will be provided in the future for company hub installation. -->
 </wap-provisioningdoc>

The following XML is a provisioning example for Mobile Application Management (MAM).<1>

 <wap-provisioningdoc version="1.1">
   <characteristic type="APPLICATION">
     <parm name="APPID" value="w7"/>
     <parm name="PROVIDER-ID" value="MAM SyncML Server"/>
     <parm name="NAME" value="mddprov account"/>
     <parm name="ADDR" value="http://localhost:88"/>
     <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+xml" />
   </characteristic>
   <characteristic type="DMClient">
     <characteristic type="Provider">
       <characteristic type="MAM SyncML Server">
         <characteristic type="Poll">
           <parm name="NumberOfRemainingScheduledRetries" value="0" datatype="integer" />
           <parm name="IntervalForRemainingScheduledRetries" value="480" datatype="integer" />
         </characteristic>
       </characteristic>
     </characteristic>
   </characteristic>
 </wap-provisioningdoc>
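
As an added example (not part of the specification), the following Python code decodes a base64-encoded provisioning document and reports which certificates it installs into which store, the DMS address, the APPAUTH levels and types, and any DMClient provider name that does not match PROVIDER-ID. The `audit`, `kids` and `parms` names, the https check on ADDR (this example's own policy, not a requirement stated here) and the sample document are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample (not from the spec): plain-http ADDR and mismatched provider names.
SAMPLE_XML = """<wap-provisioningdoc version="1.1">
 <characteristic type="CertificateStore"><characteristic type="Root"><characteristic type="System">
   <characteristic type="031336C933CC7E228B88880D78824FB2909A0A2F">
    <parm name="EncodedCertificate" value="placeholder"/>
 </characteristic></characteristic></characteristic></characteristic>
 <characteristic type="APPLICATION">
  <parm name="APPID" value="w7"/><parm name="PROVIDER-ID" value="TestMDMServer"/>
  <parm name="ADDR" value="http://DM.contoso.com/omadm/Windows.ashx"/>
  <characteristic type="APPAUTH"><parm name="AAUTHLEVEL" value="APPSRV"/>
   <parm name="AAUTHTYPE" value="BASIC"/><parm name="AAUTHSECRET" value="x"/>
 </characteristic></characteristic>
 <characteristic type="DMClient"><characteristic type="Provider">
  <characteristic type="OtherServer"/></characteristic></characteristic>
</wap-provisioningdoc>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def kids(node, ctype=None):  # direct <characteristic> children, optionally by type
    return [c for c in node.findall("characteristic") if ctype in (None, c.get("type"))]

def parms(node):  # name -> value for the direct <parm> children
    return {p.get("name"): p.get("value") for p in node.findall("parm")}

def audit(b64_doc):
    raw = base64.b64decode(b64_doc, validate=True)
    if b"<!DOCTYPE" in raw:  # precaution of this example: the format uses no DTD
        raise ValueError("DOCTYPE not allowed")
    root = ET.fromstring(raw)
    out = {"certs": [], "addr": None, "auth": [], "findings": []}
    for cs in kids(root, "CertificateStore"):  # store / location / thumbprint
        out["certs"] += [(s.get("type"), loc.get("type"), t.get("type"))
                         for s in kids(cs) for loc in kids(s) for t in kids(loc)
                         if "EncodedCertificate" in parms(t)]
    for app in kids(root, "APPLICATION"):
        p = parms(app)
        out["addr"], provider = p.get("ADDR"), p.get("PROVIDER-ID")
        if not (out["addr"] or "").lower().startswith("https://"):
            out["findings"].append("ADDR is not https")  # this example's policy
        # Report auth level and type only; AAUTHSECRET is a credential, never echoed.
        out["auth"] += [(a.get("AAUTHLEVEL"), a.get("AAUTHTYPE"))
                        for a in map(parms, kids(app, "APPAUTH"))]
        names = [k.get("type") for dm in kids(root, "DMClient")
                 for prov in kids(dm, "Provider") for k in kids(prov)]
        out["findings"] += [f"DMClient provider {n!r} != PROVIDER-ID"
                            for n in names if n != provider]
    return out
```

Because the decoded document carries AAUTHSECRET values and the trusted root that the client will install, treat both the encoded and decoded forms as sensitive when logging or storing audit output.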