Configuring iOS/iPadOS Devices Through Mobile Device Management

  1. Enroll your devices into Microsoft Intune.

    For more information, see the Microsoft documentation.

  2. Use Apple's Corporate Device Enrollment features in Apple Business Manager (ABM) to enroll iOS/iPadOS devices in Intune.

    For more information, see the Microsoft documentation.

  3. Prepare the configuration profile file.
    1. Create a PAC file for use by your iOS/iPadOS devices, and add the following domains in the Bypass proxy for these hosts & domains text box.
      • *.icloud.co*

      • cdn.apple-cloudkit.com

      • appleid.cdn-apple.com

      • idmsa.apple.com

      Record the PAC file address under PAC File Location. You will need this in step 3c.

    2. Create a file, and then copy and paste the following text into the file.
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
      	<key>PayloadContent</key>
      	<array>
      		<dict>
      			<key>PayloadDescription</key>
      			<string>Global HTTP Proxy</string>
      			<key>PayloadDisplayName</key>
      			<string>Global HTTP Proxy</string>
      			<key>PayloadIdentifier</key>
      			<string>com.apple.proxy.http.global.3DCE9B94-FB92-4B13-B2E5-70EC83DCBC39</string>
      			<key>PayloadType</key>
      			<string>com.apple.proxy.http.global</string>
      			<key>PayloadUUID</key>
      			<string>3DCE9B94-FB92-4B13-B2E5-70EC83DCBC39</string>
      			<key>PayloadVersion</key>
      			<integer>1</integer>
      			<key>ProxyCaptiveLoginAllowed</key>
      			<false/>
      			<key>ProxyPACFallbackAllowed</key>
      			<true/>
      			<key>ProxyPACURL</key>
      			<string>http://pac.iws-hybrid.trendmicro.com/proxy.pac</string>
      			<key>ProxyType</key>
      			<string>Auto</string>
      		</dict>
      		<dict>
      			<key>PayloadCertificateFileName</key>
      			<string>tmws_root_ca.cer</string>
      			<key>PayloadContent</key>
      			<data>
      			MIIDljCCAn6gAwIBAgIJANgOQ5e77nThMA0GCSqGSIb3DQEBCwUA
      			MFsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwC
      			Q1UxDjAMBgNVBAoMBVRSRU5EMQwwCgYDVQQLDANJV1MxFDASBgNV
      			BAMMC1RSRU5ELklXUy4yMB4XDTE5MDcwOTE1NTA0N1oXDTM5MDcy
      			NDE1NTA0N1owWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw
      			CQYDVQQHDAJDVTEOMAwGA1UECgwFVFJFTkQxDDAKBgNVBAsMA0lX
      			UzEUMBIGA1UEAwwLVFJFTkQuSVdTLjIwggEiMA0GCSqGSIb3DQEB
      			AQUAA4IBDwAwggEKAoIBAQCc1NKr7o9AaGW4C6nSKYzWvEvgJdHg
      			zQ/ehGwx1N/bLlbS01zNC5ceHUpd61BYIWNkHRKOuJVRK/ahN1CI
      			mp56PhcfpEAfxYVaiQXFDpgJws3eJbnaQkUv2NTu346zgkQkvheP
      			2yh5pbPOT3jn7x1MLfQJxzQVaIz969JqfBdYZzLttCmc6cLWUe8L
      			8OzFXb2XYb/E7ths58tDQ25+ZAAf+U7/pwZH4WE+9v+qBXfvbrkk
      			F9Z7H0wLQPLLmV9kY9p0B8soss6NzXk23qTuN3auYnU6CuS9W8eA
      			aoud42SDjyBt8Jd6VYb9fKWCcLOrfPfa9zvPcEhzGW/OEUrp/Bnl
      			AgMBAAGjXTBbMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFDlxXaRS
      			I/Qt89xkIrvz6ePrHifSMB8GA1UdIwQYMBaAFDlxXaRSI/Qt89xk
      			Irvz6ePrHifSMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
      			AQEAD+vHNJr/il0e7+3oxJyI/C8acoX9Yj1XYWRbsJP/9TUom1UZ
      			z2J45Ya8cS6Cvfa42V53B5FjfQ7IJXwJGi/hcqIy9p674kG922Ym
      			E6WolADsSgPis5rKu6IyqDH4v8qNIEbTveuHa7ECc+kMnn88NAjV
      			gxOt+4NNqIKdbSUvFSTB0x0TlC3FYLwT6wtitNyXUoxdN8bIcGgX
      			Ygwj4JG6qK4zLiws5aZByLQqY4Y2FQ0ZuzRhjkZQPEilhjyEu071
      			HP/S+ijY/jXdyCYn3ZlG5hNZF0hC0qfIySSsF6r7fHEoOqcxwT3J
      			PvrXU41htWXKzHGogIYll/xV8tzWjiRASg==
      			</data>
      			<key>PayloadDescription</key>
      			<string>Adds a CA root certificate</string>
      			<key>PayloadDisplayName</key>
      			<string>TREND.IWS.2</string>
      			<key>PayloadIdentifier</key>
      			<string>com.apple.security.root.293117E2-4DE5-449F-B21F-668C17945FA8</string>
      			<key>PayloadType</key>
      			<string>com.apple.security.root</string>
      			<key>PayloadUUID</key>
      			<string>293117E2-4DE5-449F-B21F-668C17945FA8</string>
      			<key>PayloadVersion</key>
      			<integer>1</integer>
      		</dict>
      		<dict>
      			<key>PayloadCertificateFileName</key>
      			<string>tmws_root_ca2.cer</string>
      			<key>PayloadContent</key>
      			<data>
      			MIIF6zCCA9OgAwIBAgIUY0MDIYl3oheMRUKqfHyVcx5d1gEwDQYJKoZIhvcNAQEL
      			BQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJDVTEUMBIG
      			A1UECgwLVHJlbmQgTWljcm8xDTALBgNVBAsMBFRNV1MxLzAtBgNVBAMMJlRyZW5k
      			IE1pY3JvIFdlYiBTZWN1cml0eSBDbG91ZCBSb290IENBMB4XDTIwMDgxNzA2NTky
      			MVoXDTQwMDkwMTA2NTkyMVowfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw
      			CQYDVQQHDAJDVTEUMBIGA1UECgwLVHJlbmQgTWljcm8xDTALBgNVBAsMBFRNV1Mx
      			LzAtBgNVBAMMJlRyZW5kIE1pY3JvIFdlYiBTZWN1cml0eSBDbG91ZCBSb290IENB
      			MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuHcSU43KYws7UxoyfH8R
      			cnaO0cr/HETn3npjrKxWy3+L8/RSPg/KjUgZhVIqcYgef40rsNoNrM67UwdRxlDp
      			r7qKT47PZFaIwMCpfqPFHYvnz7JlcomfeY576ksnMZ87X7ThK3ZqXAuuTUHeDUXe
      			p9QAWmPMJwq15xGfPf28AR8jEfF8V0xbFHbyMYQyKpzbPDUGAgiLgKGiDsYkEpi6
      			5FfOGNKHjauQ+s1BlO/j9MLtp2Jf9me27iSyluD+ATo93a7Z3vlHBIyazENhPG7y
      			Ja971DBy8FUhKWrrn1Nv2VBCT+4bVpKAvoIqhbFFytBcTRfq0dRMPmiB9ug2BjxD
      			ry5Uucko8jMT2aN96M+Jm5Rlaq9W/ci7jkVgwDAAPtGDum8Eyxt38CRkmfFcMpXM
      			OnPBdaDcvTXwIU+TSd2g8nJqHlD19Ijb1QuoRzA+45ByparF5/1QvPhd9nHKBUN+
      			foNZJXBXdKBPtycjjL+8zeS3KXA2qo5gn2B6BOsG67O4/4uAEqEB7WsLpdCaKk4z
      			rA5fiNyBarRsXY6ueuEnwkupxyswldzihj2/HNZtdk1pZQo9PIUe4PmuSoBJxvQw
      			yBJ+AI9hOJ6UpTsS/UX9ei0z87ZBiLKPh4zUjZtPzI4UQErv3QigG/v+fnMmhEAO
      			Y0lTQfpqWoBsADZyLwzpZh0CAwEAAaNjMGEwHQYDVR0OBBYEFBRXUcrpvwS0GfK1
      			BExFs5lWHd5tMB8GA1UdIwQYMBaAFBRXUcrpvwS0GfK1BExFs5lWHd5tMA8GA1Ud
      			EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBI
      			Yss8K8xKhzUbqyXJUYvj3Hn7vORhn/V7igI/GSS2qMrdwAf32tAJTNIUrMY4t953
      			JqKrq5riO+b8cWuiQ/uBBOdPgNNFrV18Rvha8A7EjRtMs6iqi+41fzsbD0A5yGi1
      			f1QdKVCQDjGvwh1/TO+foQEk+2A2P1/SwiRatfL4KndaW1MJdmE04XnWgvdxut+j
      			gxLO4G5ZnsMCALE2XxK1Ocro1wBuC46V35R4WqX446GHWw45VQhM+Ffj+yuCWzK9
      			bv6CTo+PDChOiiTEWjL/OR7a2Q4hN0nk3T0sdz+HAQ38IepDrf+Yb5y6TGpn00Oy
      			zuXYBXUH6PpHIK+Ds6Ekvm9A3v0TyRg4XCc3ZzGyQvKRhkEuf68V67W511yOLOvL
      			zOKUGh92JnHtyweN8CWeaG412UEWYKhJqTpAoz7DRBqBS3Iz5xZb+lDFmOSoqIQp
      			OJQRNLnWH+8RD9rRQcer+aze+7QqzJs7l9k7XTtwAYbfzh3ILKUn/WYYHcyI/oU8
      			rbUkypejehCoTUCMIQf7nhe+z+JjaXGbCPc5meCIvKJexvzrEt8FtNO4Xqy6dnwh
      			aI0qeRa3qKnIlWSlss03Yjv3VrboNQAdeLqX9lE+Esx3D493JxZCFOkI37IYSGtw
      			Ja1Ww/+3VAszyyrIU5j702NqLJGFcX18LGC404RYeg==
      			</data>
      			<key>PayloadDescription</key>
      			<string>Adds a CA root certificate</string>
      			<key>PayloadDisplayName</key>
      			<string>Trend Micro Web Security Cloud Root CA</string>
      			<key>PayloadIdentifier</key>
      			<string>com.apple.security.root.54DAAE8F-9FA8-420E-BADE-6238B585396B</string>
      			<key>PayloadType</key>
      			<string>com.apple.security.root</string>
      			<key>PayloadUUID</key>
      			<string>54DAAE8F-9FA8-420E-BADE-6238B585396B</string>
      			<key>PayloadVersion</key>
      			<integer>1</integer>
      		</dict>
      	</array>
      	<key>PayloadDisplayName</key>
      	<string>TMWS Proxy</string>
      	<key>PayloadIdentifier</key>
      	<string>2020.15D12E18-1B48-4D63-8C98-47E9E33D6B7F</string>
      	<key>PayloadRemovalDisallowed</key>
      	<false/>
      	<key>PayloadType</key>
      	<string>Configuration</string>
      	<key>PayloadUUID</key>
      	<string>D86D70A5-87F2-4352-A9A8-DCD608EEF391</string>
      	<key>PayloadVersion</key>
      	<integer>1</integer>
      </dict>
      </plist>
    3. Replace the ProxyPACURL link http://pac.iws-hybrid.trendmicro.com/proxy.pac with the PAC file address recorded in step 3a, and then save the file as tmws_proxy.mobileconfig, for example.
  4. Create a profile in the Microsoft Endpoint Manager admin center.
    1. Sign in to the Microsoft Endpoint Manager admin center, go to Devices > iOS/iPadOS > Configuration profiles, and then click Create profile.
    2. On the Create a profile screen that appears, select Custom from the Profile drop-down list and click Create.
    3. On the Custom screen that appears, specify a name for the profile on the Basics tab and click Next.
    4. On the Configuration settings tab that appears, specify a name for the configuration profile, upload the configuration profile file created in step 3, and then click Next.
    5. On the Assignments tab that appears, select All devices from the Assign to drop-down list and click Next.
    6. On the Review + create tab that appears, confirm the information you specified and click Create.
  5. Instruct users to configure settings on their devices.
    1. On the iOS/iPadOS device, go to Settings > General > Device Management > Management Profile, confirm that the profile installation is listed, and then check the iOS/iPadOS policy restrictions.

      Policy restrictions might take up to 10 minutes to appear on the device.

    2. Go to Settings > Safari, and disable Prevent Cross-Site Tracking and Block All Cookies under PRIVACY & SECURITY.
    3. Open a web browser and go to http://diagnose.iws-hybrid.trendmicro.com.

      If the connection status for TMWS is Yes, TMWS is working properly on the device.