To do account-driven BYOD device enrolment in Intune for iOS devices, you need to publish a JSON file that contains your tenant ID on the website for your domain. The URL for this file is https://c7solutions.com/.well-known/com.apple.remotemanagement, where the domain (c7solutions.com in this case) is the same as the domain of the username on the device.
The JSON file will look like this, where the TenantId is your publicly available Tenant ID:
{
  "Servers": [
    {
      "Version": "mdm-byod",
      "BaseURL": "https://manage.microsoft.com/EnrollmentServer/PostReportDeviceInfoForUEV2?aadTenantId=26595c34-9a91-4bf2-9720-6914c98f0771"
    }
  ]
}
However, you need to make sure that the file is served to the phone with the “application/json” MIME type. If your web server is Internet Information Server (IIS) running on Windows, you can do this from the MIME Type admin extension on the server, or you can upload a modification to the MIME types via lines in web.config. This change looks like this:
<system.webServer>
  ...
  <staticContent>
    <remove fileExtension=".remotemanagement" />
    <mimeMap fileExtension=".remotemanagement" mimeType="application/json" />
  </staticContent>
</system.webServer>
You might have other content in system.webServer, so the ... in the above stands for that other content. You need to add a staticContent node containing both a remove and a mimeMap entry whose fileExtension is .remotemanagement. The mimeType needs to be application/json.
Once this is done and web.config is saved back to the IIS server, you can check the response headers in Developer Tools in the browser, which will show the MIME type.
You will have other headers depending upon your server and how it is managed, but you need Content-Type to return application/json for this file.
Note that some IIS configurations do not serve arbitrary file extensions, and if that is the case you will get a 404 (not found) for this file instead. Adding this MIME type will also resolve the 404 issue.
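The same check can be scripted instead of read off Developer Tools. The following is an added example, not code from the original post: it validates the status code, the Content-Type header and the JSON body, and confirms that BaseURL still points at manage.microsoft.com with the tenant ID you expect, so a changed or misserved file is caught before devices try to enrol. The function names and sample constants are hypothetical; the expected host is taken from the BaseURL shown above.

```python
import json
import re
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlsplit

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
# Constructed sample: the JSON and tenant ID shown in the post.
SAMPLE_TENANT = "26595c34-9a91-4bf2-9720-6914c98f0771"
SAMPLE_BODY = json.dumps({"Servers": [{"Version": "mdm-byod", "BaseURL":
    "https://manage.microsoft.com/EnrollmentServer/PostReportDeviceInfoForUEV2"
    "?aadTenantId=" + SAMPLE_TENANT}]}).encode()

def check_discovery(status, content_type, body, expected_tenant):
    """Return a list of problems with a served com.apple.remotemanagement file."""
    if status != 200:
        return [f"HTTP {status}: on IIS a 404 can mean the MIME map is missing"]
    problems = []
    # Content-Type may carry parameters such as "; charset=utf-8".
    media_type = (content_type or "").split(";")[0].strip().lower()
    if media_type != "application/json":
        problems.append(f"Content-Type is {media_type or 'absent'}, not application/json")
    try:
        servers = json.loads(body)["Servers"]
    except (ValueError, KeyError, TypeError):
        servers = None
    if not isinstance(servers, list):
        return problems + ["body is not JSON with a Servers array"]
    byod = [s for s in servers if isinstance(s, dict) and s.get("Version") == "mdm-byod"]
    if not byod:
        problems.append("no Servers entry with Version mdm-byod")
    for entry in byod:
        base = str(entry.get("BaseURL", ""))
        url = urlsplit(base)
        tenant = parse_qs(url.query).get("aadTenantId", [""])[0]
        if url.scheme != "https" or url.hostname != "manage.microsoft.com":
            problems.append(f"BaseURL is not on https://manage.microsoft.com: {base}")
        if not GUID.match(tenant) or tenant.lower() != expected_tenant.lower():
            problems.append(f"aadTenantId {tenant or 'absent'} is not the expected tenant")
    return problems

def fetch_and_check(domain, expected_tenant):
    """Live check of https://<domain>/.well-known/com.apple.remotemanagement."""
    url = f"https://{domain}/.well-known/com.apple.remotemanagement"
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return check_discovery(resp.status, resp.headers.get("Content-Type"),
                                   resp.read(), expected_tenant)
    except urllib.error.HTTPError as err:
        return check_discovery(err.code, None, b"", expected_tenant)
```

An empty list from fetch_and_check("your-domain", "your-tenant-id") means the file is served as the post describes; running it on a schedule also flags later changes to the file.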