> For the complete documentation index, see [llms.txt](https://docs.secure-contacts.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.secure-contacts.com/documentation/deployment-sca/app-configuration/ios-mobiledevicemanagement-mdm-protocol.md).

# iOS - MobileDeviceManagement (MDM) protocol

SCA uses a standard protocol, the [Mobile Device Management (MDM) protocol](https://developer.apple.com/business/documentation/MDM-Protocol-Reference.pdf) from Apple. \
You can use any EMM provider for our app (e.g. Microsoft Intune, MobileIron, Jamf, Airwatch, XenMobile...).\
\
To cause the device to poll the MDM server for commands, the MDM server sends a notification through the APNS gateway to the device. This message gets sent via the push notification service.

Configuring the user UPN setting is **required** for devices that are managed by Intune or a third-party EMM solution to identify the enrolled user account for the sending *policy managed app* when transferring data to an iOS managed app. The UPN configuration works with the app protection policies you deploy from Intune.<br>

### How to manage data transfer between SCA and iOS Apps

In case you have managed Devices in Intune (not MAM-WE), it is mandatory to use the IntuneMAMUPN ConfigurationKey in App Configuration Policy for Intune, for App Protection Policy.

The exact syntax of the key/value pair for SCA may differ based on your third-party MDM provider. The following table shows examples of third-party MDM providers and the exact values you should enter for the key/value pair.

<table><thead><tr><th>Third-party MDM provider</th><th>Configuration Key</th><th width="123">Value Type</th><th>Configuration Value</th></tr></thead><tbody><tr><td>Microsoft Intune</td><td>IntuneMAMUPN</td><td>String</td><td>{{userprincipalname}}</td></tr><tr><td>Microsoft Intune</td><td>IntuneMAMOID</td><td>String</td><td>{{userid}}</td></tr><tr><td>VMware AirWatch</td><td>IntuneMAMUPN</td><td>String</td><td>{UserPrincipalName}</td></tr><tr><td>MobileIron</td><td>IntuneMAMUPN</td><td>String</td><td>${userUPN} <strong>or</strong> ${userEmailAddress}</td></tr><tr><td>Citrix Endpoint Management</td><td>IntuneMAMUPN</td><td>String</td><td>${user.userprincipalname}</td></tr><tr><td>ManageEngine Mobile Device Manager</td><td>IntuneMAMUPN</td><td>String</td><td>%upn%</td></tr></tbody></table>

{% hint style="info" %}
For more information about [How to manage data transfer between iOS apps in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/apps/data-transfer-between-apps-manage-ios)
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.secure-contacts.com/documentation/deployment-sca/app-configuration/ios-mobiledevicemanagement-mdm-protocol.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.