Understand the backend workflow of the Apple Push Notification service (APNs) before initiating MDM management on Apple devices.
- The system administrator remotely performs MDM actions such as lock device, clear device passcode, device wipe, and break MDM from the UEM console.
A notification is queued in the FastLaneAPNsOutBound queue, picked up by the Workspace ONE Messaging Service, and sent to the APNs server. Later, a command is queued in the AWEventLog queue and picked up by the EntityChangeQueueMonitor service, which queues the command in the Workspace ONE database server.
- The device always has an active connection to APNs. All communication to APNs is inbound, and the device is constantly checking with APNs. The servers let the device know when a command queued by MDM is waiting for it.
- Once the device receives the push notification, it checks in to the Workspace ONE device services server.
- The device services server checks whether any command is queued for that particular device (based on DeviceID) in the Workspace ONE database server.
- The device services server pulls the command that is already queued for that device from the Workspace ONE database server.
- Device services generates the XML and sends it to the device. The native MDM agent (the MDM profile installed on the device) then performs the required action on the device.
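
The following sketch models the flow above to show that the push notification only wakes the device, while the command itself is delivered at check-in and is looked up by DeviceID. It is an added example, not Workspace ONE code: the class and method names, device IDs and PushMagic value are hypothetical or constructed, and the plist keys (`mdm`, `CommandUUID`, `Command`, `RequestType`) follow Apple's MDM protocol.

```python
import plistlib
import uuid
from collections import defaultdict, deque


class MdmBackend:
    """Simplified in-memory model; names are hypothetical, not the product's."""

    def __init__(self):
        self.apns_outbound = deque()          # stands in for FastLaneAPNsOutBound
        self.command_db = defaultdict(deque)  # stands in for the database, keyed by DeviceID

    def admin_action(self, device_id, push_magic, request_type):
        """Console action: queue a wake-up for APNs and the command for the device."""
        # The push payload carries only the device's PushMagic, never the command.
        self.apns_outbound.append((device_id, {"mdm": push_magic}))
        # The AWEventLog / EntityChangeQueueMonitor hop is collapsed into one step here.
        command = {"CommandUUID": str(uuid.uuid4()),
                   "Command": {"RequestType": request_type}}
        self.command_db[device_id].append(command)
        return command["CommandUUID"]

    def send_pushes(self):
        """Messaging service: drain the outbound queue toward APNs."""
        sent = list(self.apns_outbound)
        self.apns_outbound.clear()
        return sent

    def check_in(self, device_id):
        """Device services: return the next queued command as plist XML, or None."""
        queue = self.command_db.get(device_id)
        if not queue:
            return None
        return plistlib.dumps(queue.popleft(), fmt=plistlib.FMT_XML)


def demo():
    backend = MdmBackend()
    cmd_id = backend.admin_action("device-001", "constructed-push-magic", "DeviceLock")
    pushes = backend.send_pushes()
    xml = backend.check_in("device-001")
    # A second check-in, or a check-in from another DeviceID, yields nothing.
    return cmd_id, pushes, xml, backend.check_in("device-001"), backend.check_in("device-002")


if __name__ == "__main__":
    cmd_id, pushes, xml, again, other = demo()
    print(pushes)
    print(xml.decode())
```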