Links

iOS - MobileDeviceManagement (MDM) protocol

SCA uses a standard protocol, the Mobile Device Management (MDM) protocol from Apple. You can use any EMM provider for our app (e.g. Microsoft Intune, MobileIron, Jamf, Airwatch, XenMobile...). To cause the device to poll the MDM server for commands, the MDM server sends a notification through the APNS gateway to the device. This message gets sent via the push notification service.
Configuring the user UPN setting is required for devices that are managed by Intune or a third-party EMM solution to identify the enrolled user account for the sending policy managed app when transferring data to an iOS managed app. The UPN configuration works with the app protection policies you deploy from Intune.

How to manage data transfer between SCA and iOS Apps

In case you have managed Devices in Intune (not MAM-WE), it is mandatory to use the IntuneMAMUPN ConfigurationKey in App Configuration Policy for Intune, for App Protection Policy.
The exact syntax of the key/value pair for SCA may differ based on your third-party MDM provider. The following table shows examples of third-party MDM providers and the exact values you should enter for the key/value pair.
Third-party MDM provider
Configuration Key
Value Type
Configuration Value
Microsoft Intune
IntuneMAMUPN
String
{{userprincipalname}}
Microsoft Intune
IntuneMAMOID
String
{{userid}}
VMware AirWatch
IntuneMAMUPN
String
{UserPrincipalName}
MobileIron
IntuneMAMUPN
String
${userUPN} or ${userEmailAddress}
Citrix Endpoint Management
IntuneMAMUPN
String
${user.userprincipalname}
ManageEngine Mobile Device Manager
IntuneMAMUPN
String
%upn%