Configuring iOS/iPadOS Devices Through Mobile Device Management

  1. Enroll your devices into Microsoft Intune.

    For more information, see the Microsoft documentation.

  2. Use Apple's Corporate Device Enrollment features in Apple Business Manager (ABM) to enroll iOS/iPadOS devices in Intune.

    For more information, see the Microsoft documentation.

  3. Prepare the configuration profile file.
    1. Create a PAC file for use by your iOS/iPadOS devices, and add the following domains in the Bypass proxy for these hosts & domains text box.

      • *.icloud.co*

      • cdn.apple-cloudkit.com

      • appleid.cdn-apple.com

      • idmsa.apple.com

      Record the PAC file address under PAC File Location. You will need this in step 3c.

    2. Create a file, and then copy and paste the following text into the file. 
      <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDescription</key>
			<string>Global HTTP Proxy</string>
			<key>PayloadDisplayName</key>
			<string>Global HTTP Proxy</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.proxy.http.global.3DCE9B94-FB92-4B13-B2E5-70EC83DCBC39</string>
			<key>PayloadType</key>
			<string>com.apple.proxy.http.global</string>
			<key>PayloadUUID</key>
			<string>3DCE9B94-FB92-4B13-B2E5-70EC83DCBC39</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>ProxyCaptiveLoginAllowed</key>
			<false/>
			<key>ProxyPACFallbackAllowed</key>
			<true/>
			<key>ProxyPACURL</key>
			<string>http://pac.iws-hybrid.trendmicro.com/proxy.pac</string>
			<key>ProxyType</key>
			<string>Auto</string>
		</dict>
		<dict>
			<key>PayloadCertificateFileName</key>
			<string>tmws_root_ca.cer</string>
			<key>PayloadContent</key>
			<data>
			MIIDljCCAn6gAwIBAgIJANgOQ5e77nThMA0GCSqGSIb3DQEBCwUA
			MFsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwC
			Q1UxDjAMBgNVBAoMBVRSRU5EMQwwCgYDVQQLDANJV1MxFDASBgNV
			BAMMC1RSRU5ELklXUy4yMB4XDTE5MDcwOTE1NTA0N1oXDTM5MDcy
			NDE1NTA0N1owWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw
			CQYDVQQHDAJDVTEOMAwGA1UECgwFVFJFTkQxDDAKBgNVBAsMA0lX
			UzEUMBIGA1UEAwwLVFJFTkQuSVdTLjIwggEiMA0GCSqGSIb3DQEB
			AQUAA4IBDwAwggEKAoIBAQCc1NKr7o9AaGW4C6nSKYzWvEvgJdHg
			zQ/ehGwx1N/bLlbS01zNC5ceHUpd61BYIWNkHRKOuJVRK/ahN1CI
			mp56PhcfpEAfxYVaiQXFDpgJws3eJbnaQkUv2NTu346zgkQkvheP
			2yh5pbPOT3jn7x1MLfQJxzQVaIz969JqfBdYZzLttCmc6cLWUe8L
			8OzFXb2XYb/E7ths58tDQ25+ZAAf+U7/pwZH4WE+9v+qBXfvbrkk
			F9Z7H0wLQPLLmV9kY9p0B8soss6NzXk23qTuN3auYnU6CuS9W8eA
			aoud42SDjyBt8Jd6VYb9fKWCcLOrfPfa9zvPcEhzGW/OEUrp/Bnl
			AgMBAAGjXTBbMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFDlxXaRS
			I/Qt89xkIrvz6ePrHifSMB8GA1UdIwQYMBaAFDlxXaRSI/Qt89xk
			Irvz6ePrHifSMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
			AQEAD+vHNJr/il0e7+3oxJyI/C8acoX9Yj1XYWRbsJP/9TUom1UZ
			z2J45Ya8cS6Cvfa42V53B5FjfQ7IJXwJGi/hcqIy9p674kG922Ym
			E6WolADsSgPis5rKu6IyqDH4v8qNIEbTveuHa7ECc+kMnn88NAjV
			gxOt+4NNqIKdbSUvFSTB0x0TlC3FYLwT6wtitNyXUoxdN8bIcGgX
			Ygwj4JG6qK4zLiws5aZByLQqY4Y2FQ0ZuzRhjkZQPEilhjyEu071
			HP/S+ijY/jXdyCYn3ZlG5hNZF0hC0qfIySSsF6r7fHEoOqcxwT3J
			PvrXU41htWXKzHGogIYll/xV8tzWjiRASg==
			</data>
			<key>PayloadDescription</key>
			<string>Adds a CA root certificate</string>
			<key>PayloadDisplayName</key>
			<string>TREND.IWS.2</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.security.root.293117E2-4DE5-449F-B21F-668C17945FA8</string>
			<key>PayloadType</key>
			<string>com.apple.security.root</string>
			<key>PayloadUUID</key>
			<string>293117E2-4DE5-449F-B21F-668C17945FA8</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
		<dict>
			<key>PayloadCertificateFileName</key>
			<string>tmws_root_ca2.cer</string>
			<key>PayloadContent</key>
			<data>
			MIIF6zCCA9OgAwIBAgIUY0MDIYl3oheMRUKqfHyVcx5d1gEwDQYJKoZIhvcNAQEL
			BQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJDVTEUMBIG
			A1UECgwLVHJlbmQgTWljcm8xDTALBgNVBAsMBFRNV1MxLzAtBgNVBAMMJlRyZW5k
			IE1pY3JvIFdlYiBTZWN1cml0eSBDbG91ZCBSb290IENBMB4XDTIwMDgxNzA2NTky
			MVoXDTQwMDkwMTA2NTkyMVowfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw
			CQYDVQQHDAJDVTEUMBIGA1UECgwLVHJlbmQgTWljcm8xDTALBgNVBAsMBFRNV1Mx
			LzAtBgNVBAMMJlRyZW5kIE1pY3JvIFdlYiBTZWN1cml0eSBDbG91ZCBSb290IENB
			MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuHcSU43KYws7UxoyfH8R
			cnaO0cr/HETn3npjrKxWy3+L8/RSPg/KjUgZhVIqcYgef40rsNoNrM67UwdRxlDp
			r7qKT47PZFaIwMCpfqPFHYvnz7JlcomfeY576ksnMZ87X7ThK3ZqXAuuTUHeDUXe
			p9QAWmPMJwq15xGfPf28AR8jEfF8V0xbFHbyMYQyKpzbPDUGAgiLgKGiDsYkEpi6
			5FfOGNKHjauQ+s1BlO/j9MLtp2Jf9me27iSyluD+ATo93a7Z3vlHBIyazENhPG7y
			Ja971DBy8FUhKWrrn1Nv2VBCT+4bVpKAvoIqhbFFytBcTRfq0dRMPmiB9ug2BjxD
			ry5Uucko8jMT2aN96M+Jm5Rlaq9W/ci7jkVgwDAAPtGDum8Eyxt38CRkmfFcMpXM
			OnPBdaDcvTXwIU+TSd2g8nJqHlD19Ijb1QuoRzA+45ByparF5/1QvPhd9nHKBUN+
			foNZJXBXdKBPtycjjL+8zeS3KXA2qo5gn2B6BOsG67O4/4uAEqEB7WsLpdCaKk4z
			rA5fiNyBarRsXY6ueuEnwkupxyswldzihj2/HNZtdk1pZQo9PIUe4PmuSoBJxvQw
			yBJ+AI9hOJ6UpTsS/UX9ei0z87ZBiLKPh4zUjZtPzI4UQErv3QigG/v+fnMmhEAO
			Y0lTQfpqWoBsADZyLwzpZh0CAwEAAaNjMGEwHQYDVR0OBBYEFBRXUcrpvwS0GfK1
			BExFs5lWHd5tMB8GA1UdIwQYMBaAFBRXUcrpvwS0GfK1BExFs5lWHd5tMA8GA1Ud
			EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBI
			Yss8K8xKhzUbqyXJUYvj3Hn7vORhn/V7igI/GSS2qMrdwAf32tAJTNIUrMY4t953
			JqKrq5riO+b8cWuiQ/uBBOdPgNNFrV18Rvha8A7EjRtMs6iqi+41fzsbD0A5yGi1
			f1QdKVCQDjGvwh1/TO+foQEk+2A2P1/SwiRatfL4KndaW1MJdmE04XnWgvdxut+j
			gxLO4G5ZnsMCALE2XxK1Ocro1wBuC46V35R4WqX446GHWw45VQhM+Ffj+yuCWzK9
			bv6CTo+PDChOiiTEWjL/OR7a2Q4hN0nk3T0sdz+HAQ38IepDrf+Yb5y6TGpn00Oy
			zuXYBXUH6PpHIK+Ds6Ekvm9A3v0TyRg4XCc3ZzGyQvKRhkEuf68V67W511yOLOvL
			zOKUGh92JnHtyweN8CWeaG412UEWYKhJqTpAoz7DRBqBS3Iz5xZb+lDFmOSoqIQp
			OJQRNLnWH+8RD9rRQcer+aze+7QqzJs7l9k7XTtwAYbfzh3ILKUn/WYYHcyI/oU8
			rbUkypejehCoTUCMIQf7nhe+z+JjaXGbCPc5meCIvKJexvzrEt8FtNO4Xqy6dnwh
			aI0qeRa3qKnIlWSlss03Yjv3VrboNQAdeLqX9lE+Esx3D493JxZCFOkI37IYSGtw
			Ja1Ww/+3VAszyyrIU5j702NqLJGFcX18LGC404RYeg==
			</data>
			<key>PayloadDescription</key>
			<string>Adds a CA root certificate</string>
			<key>PayloadDisplayName</key>
			<string>Trend Micro Web Security Cloud Root CA</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.security.root.54DAAE8F-9FA8-420E-BADE-6238B585396B</string>
			<key>PayloadType</key>
			<string>com.apple.security.root</string>
			<key>PayloadUUID</key>
			<string>54DAAE8F-9FA8-420E-BADE-6238B585396B</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>TMWS Proxy</string>
	<key>PayloadIdentifier</key>
	<string>2020.15D12E18-1B48-4D63-8C98-47E9E33D6B7F</string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>D86D70A5-87F2-4352-A9A8-DCD608EEF391</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>
    3. Replace the ProxyPACURL link http://pac.iws-hybrid.trendmicro.com/proxy.pac with the PAC file address recorded in step 3a, and then save the file as tmws_proxy.mobileconfig, for example.
  4. Create a profile in the Microsoft Endpoint Manager admin center.
    1. Sign in to the Microsoft Endpoint Manager admin center, go to Devices > iOS/iPadOS > Configuration profiles, and then click Create profile.
    2. On the Create a profile screen that appears, select Custom from the Profile drop-down list and click Create.
    3. On the Custom screen that appears, specify a name for the profile on the Basics tab and click Next.
    4. On the Configuration settings tab that appears, specify a name for the configuration profile, upload the configuration profile file created in step 3, and then click Next.
    5. On the Assignments tab that appears, select All devices from the Assign to drop-down list and click Next.
    6. On the Review + create tab that appears, confirm the information you specified and click Create.
  5. Instruct users to configure settings on their devices.
    1. On the iOS/iPadOS device, go to Settings > General > Device Management > Management Profile, confirm that the profile installation is listed, and then check the iOS/iPadOS policy restrictions.

      Policy restrictions might take up to 10 minutes to appear on the device.

    2. Go to Settings > Safari, and disable Prevent Cross-Site Tracking and Block All Cookies under PRIVACY & SECURITY.
    3. Open a web browser and go to http://diagnose.iws-hybrid.trendmicro.com.

      If the connection status for TMWS is Yes, TMWS is working properly on the device.

Parent topic: iOS/iPadOS Device Configuration