Understand the backend workflow of the Apple Push Notification Service before initiating the MDM management on Apple devices.

Procedure

  1. System Administrator remotely performs MDM actions such as lock device, clear device passcode, device wipe, and break MDM from the UEM console.
    A notification will be queued in FastLaneAPNsOutBound queue which is picked up by Workspace ONE Messaging Service and sent to APNs server. Later, a command is queued in AWEventLog queue and then picked up by EntityChangeQueueMonitor service. This service queues the command in Workspace ONE Database server.
  2. The device always has an active connection to APNs. All communication to APNs is inbound and is constantly checking with APNs. The servers let the device know when there's a command waiting for the device by MDM.
  3. Once the device receives the push notification, it checks-in to the Workspace ONE device services server.
  4. Device services server checks whether any command is queued for that particular device (based on DeviceID) in the Workspace ONE database server.
  5. Device services server pulls the command which is already queued for that device from the Workspace ONE database server.
  6. Device services generates an XML and sends it to the device. Native MDM Agent (MDM profile installed on device) then performs required action on the device.