Page Comparison

    example: https://enterpriseenrollment.wso2.com/EnrollmentServer/Discovery.svc

• The first Proxy endpoint known as the Discovery Service Endpoint receives the initial request from the device. 

  Info
  The initial request from the device is a standard HTTP GET request.

• The received request is redirected by the Proxy Server to MDM endpoint 01 at the server end.

  Info
  The GET request helps the device to check if the server is up and running.

•  Once a success message is returned to the device by MDM endpoint 01, It will move to the next step.

Step 3: MDM endpoint 01

http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/discovery/get 

• This endpoint receives the initial GET request that was redirected by the Proxy Server. It then returns a success response to the device. 
• When the endpoint receives the success message from the server, the device triggers a HTTPS POST request to the same proxy endpoint (Proxy endpoint 01) .
  The Proxy Server redirects the request to MDM endpoint 02, which is at the server side.
   

Step 4: MDM endpoint 02

http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/discovery/post 

• Once the POST request from the device is received at this endpoint, the MDM server will include the following details within a response body and send to the device.  
  1. Authentication Policy.(Federated)
  2. Proxy endpoint for the Enrollment policy. (/ENROLLMENTSERVER/PolicyEnrollmentWebservice.svc) - Proxy endpoint 02.
  3. Proxy endpoint for the Enrollment Service. (/ENROLLMENTSERVER/DeviceEnrollmentWebservice.svc) - Proxy endpoint 03
  
  4.
    Proxy endpoint for the Windows login page.
   
  (/emm-web-agent) - Proxy endpoint for the federated login page.

https://enterpriseenrollment.<EMAIL_DOMAIN>/emm/enrollments/windows/login-agent

• After receiving the above responses, the device requests are made in the following order:

  1. The device requests for the login page using the proxy endpoint URL. The proxy server will then route the request to the following EMM endpoint.

     Code Block
     http://<server-ip>:<server-port>/emm-web-agent

  2. Next the device sends a request to Proxy endpoint 2 and 3 respectively.
      

Step 5: Proxy endpoint 02

https://enterpriseenrollment.<EMAIL_DOMAIN>/enrollmentserver/policyenrollmentwebservice.svc 

Step 6: MDM endpoint 03

http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/certificatepolicy/xcep

• MDM Endpoint 3 responds back to the device with the Certificate Enrollment Policy.

  Info
  The Certificate Enrollment Policy is an implementation of the MS-XCEP 509 protocol.

• Once the certificate enrollment policy is received, the device sends the Certificate Signing Request (CSR) to Proxy endpoint 03.

Step 7: Proxy endpoint 03

https://enterpriseenrollment.<EMAIL_DOMAIN>/enrollmentserver/deviceenrollmentwebservice.svc 

Step 8: MDM Endpoint 04

http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/deviceenrolment/wstep

• The service corresponding to this endpoint generates the signed certificate for the Certificate Signing Request and Root certificate.

• It then responds to the device with an encoded wap-provisioning.xml file, which includes necessary certificates and other Device Management information.

  Info
  The certificate enrollment is an implementation of the MS-WSTEP protocol. The initial details provided through the POST request are used to persist the device details in the database.

At the end of this flow the device is successfully enrolled.

Step 9: Proxy Endpoint 04

https://enterpriseenrollment.<EMAIL_DOMAIN>/syncml/initialquery

This Proxy Server routes the message received to MDM endpoint 05.

Step 10: MDM Endpoint 05

http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/syncml/devicemanagement/request

This endpoint will handle all the device management requests and responses.