3.1.5.1 Provision Command

The Provision command enables client devices to send the server information about the device, to request from the server the security policy settings set by the server administrator, and to report on the status of a remote wipe or an account only remote wipe directive.

The provisioning process has two phases: an initial phase consisting of a Provision command request sent by the client followed by an initial server response, then an acknowledgment phase consisting of a Provision command request sent by the client with an acknowledgment of the initial server response, followed by another server response.

Clients SHOULD<1> begin the provisioning process in the following situations:

  • When contacting the server for the first time.

  • When the server's response to any command indicates that the client needs to re-provision. Whether the server specifies this condition by returning a value in the Status element or by returning an HTTP 4xx or 5xx response code depends on the protocol version. For details, see the table of status values in [MS-ASCMD] section 2.2.2.

  • When the server's response to any command indicates that the client needs to do a remote wipe. Whether the server specifies this condition by returning a value in the Status element or by returning an HTTP 4xx or 5xx response code depends on the protocol version. For details, see the table of status values in [MS-ASCMD] section 2.2.2.

The format of the Provision command request and response differs based on the context in which it is used. The contexts for the Provision command are:

  • The initial request, as specified in section 3.1.5.1.1.

  • Acknowledging security policy settings, as specified in section 3.1.5.1.2.1.

  • Acknowledging a remote wipe directive, as specified in section 3.1.5.1.2.2, or an account only remote wipe directive, as specified in section 3.1.5.1.2.3.

The current security policy settings on the client are represented by the current policy key, which is sent to the server in the X-MS-PolicyKey header ([MS-ASHTTP] section 2.2.1.1.2.8) if the client is using a plain text query value, as specified in [MS-ASHTTP] section 2.2.1.1.1.2, or the Policy key field of the base64 encoded query value ([MS-ASHTTP] section 2.2.1.1.1.1) if the client is using a base64 encoded query value. The policy key is sent to the server for all protocol command requests except the Autodiscover command ([MS-ASCMD] section 2.2.1.1), the Ping command ([MS-ASCMD] section 2.2.1.13), and the HTTP OPTIONS command ([MS-ASHTTP] section 2.2.3).
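The policy key rule above can be checked on the server side or in a proxy log review. The following is an added example, not part of the specification: it classifies request records by whether a policy key was required and present. The record shape `(method, query, headers)`, the function names and the sample data are assumptions made for illustration; only the plain text query form is inspected, and a query without a `Cmd` parameter is treated as a base64 encoded query value and reported as unchecked rather than decoded.

```python
from urllib.parse import parse_qs

# Commands the section above exempts from sending the policy key.
# HTTP OPTIONS is exempted by method, not by Cmd value.
EXEMPT_COMMANDS = {"autodiscover", "ping"}


def policy_key_finding(method, query, headers):
    """Classify one request: 'exempt', 'ok', 'missing-key' or 'unchecked'."""
    if method.upper() == "OPTIONS":
        return "exempt"
    params = {k.lower(): v[0] for k, v in parse_qs(query).items()}
    cmd = params.get("cmd")
    if cmd is None:
        # No Cmd parameter: assumed to be a base64 encoded query value,
        # whose Policy key field this example does not decode.
        return "unchecked"
    if cmd.lower() in EXEMPT_COMMANDS:
        return "exempt"
    # Header names are case-insensitive; an empty value counts as missing.
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    return "ok" if hdrs.get("x-ms-policykey") else "missing-key"


def audit(records):
    """Return (index, finding) for every record that needs review."""
    findings = []
    for i, (method, query, headers) in enumerate(records):
        result = policy_key_finding(method, query, headers)
        if result in ("missing-key", "unchecked"):
            findings.append((i, result))
    return findings


# Constructed sample records (not captured traffic).
SAMPLE = [
    ("OPTIONS", "", {}),
    ("POST", "Cmd=Ping&User=u&DeviceId=D1&DeviceType=T", {}),
    ("POST", "Cmd=Sync&User=u&DeviceId=D1&DeviceType=T",
     {"X-MS-PolicyKey": "1234567890"}),
    ("POST", "Cmd=FolderSync&User=u&DeviceId=D1&DeviceType=T", {}),
    ("POST", "Cmd=Provision&User=u&DeviceId=D1&DeviceType=T",
     {"x-ms-policykey": "0"}),
    ("POST", "Q09OU1RSVUNURUQ=", {}),  # opaque constructed blob
]

if __name__ == "__main__":
    for index, finding in audit(SAMPLE):
        print(index, finding)
```

A `missing-key` finding marks a request that, by the rule above, should have carried the current policy key in the X-MS-PolicyKey header and did not.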