# iOS - MobileDeviceManagement (MDM) protocol

SCA uses a standard protocol, the [Mobile Device Management (MDM) protocol](https://developer.apple.com/business/documentation/MDM-Protocol-Reference.pdf) from Apple. \
You can use any EMM provider for our app (e.g. Microsoft Intune, MobileIron, Jamf, Airwatch, XenMobile...).\
\
To cause the device to poll the MDM server for commands, the MDM server sends a notification through the APNS gateway to the device. This message gets sent via the push notification service.

Configuring the user UPN setting is **required** for devices that are managed by Intune or a third-party EMM solution to identify the enrolled user account for the sending *policy managed app* when transferring data to an iOS managed app. The UPN configuration works with the app protection policies you deploy from Intune.<br>

### How to manage data transfer between SCA and iOS Apps

In case you have managed Devices in Intune (not MAM-WE), it is mandatory to use the IntuneMAMUPN ConfigurationKey in App Configuration Policy for Intune, for App Protection Policy.

The exact syntax of the key/value pair for SCA may differ based on your third-party MDM provider. The following table shows examples of third-party MDM providers and the exact values you should enter for the key/value pair.

<table><thead><tr><th>Third-party MDM provider</th><th>Configuration Key</th><th width="123">Value Type</th><th>Configuration Value</th></tr></thead><tbody><tr><td>Microsoft Intune</td><td>IntuneMAMUPN</td><td>String</td><td>{{userprincipalname}}</td></tr><tr><td>Microsoft Intune</td><td>IntuneMAMOID</td><td>String</td><td>{{userid}}</td></tr><tr><td>VMware AirWatch</td><td>IntuneMAMUPN</td><td>String</td><td>{UserPrincipalName}</td></tr><tr><td>MobileIron</td><td>IntuneMAMUPN</td><td>String</td><td>${userUPN} <strong>or</strong> ${userEmailAddress}</td></tr><tr><td>Citrix Endpoint Management</td><td>IntuneMAMUPN</td><td>String</td><td>${user.userprincipalname}</td></tr><tr><td>ManageEngine Mobile Device Manager</td><td>IntuneMAMUPN</td><td>String</td><td>%upn%</td></tr></tbody></table>

{% hint style="info" %}
For more information about [How to manage data transfer between iOS apps in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/apps/data-transfer-between-apps-manage-ios)
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.secure-contacts.com/documentation/deployment-sca/app-configuration/ios-mobiledevicemanagement-mdm-protocol.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.