Product Documentation

To configure a Microsoft certificate services policy

Dec 21, 2015

Before you can configure a Microsoft certificate services policy, you need to configure a Microsoft CA credential provider in the Device Manager Options dialog box. Once the Microsoft CA credential provider has been configured, then you can create the policy that references the provider. For instructions, see To create a credential provider using external PKI entities.

  1. Click the Policies tab in the Device Manager console.
  2. On the left-hand pane, under iOS, click Configuration profiles.
  3. Click New Configuration > Profiles and Settings > Credentials .
  4. In the Credential configuration creation dialog box, on the General tab, enter the following information:
    1. Identifier. Type a name for the profile that identifies it uniquely to the user. This name must be unique and not in use by any other profile, or if this name matches the name of another policy, the first policy will be overwritten.
    2. Display name. Type a name of the profile as it will appear in the Device Manager web console.
    3. Organization. Type your company or organization name.
    4. Description. Type an optional description to describe the policy.
    5. In the Allow Profile Removal section, choose one of the following:
      • Always. Allows the profile to always be removable.
      • Authentication. Allows you to enter a required password that is used when profile is removed. Requires a password.
      • Never. Prevents the profile from ever being removed.
    6. Select the Automatic Removal Date check box if you want to select a specific date on which to remove the profile.
    7. Select the Duration until removal (in days) check box to specify a set a period of time after which the profile will automatically be removed.
  5. Next, select the Credential tab, and configure the following settings:
    1. Credential Type. Select Credential Provider.
    2. Credential Provider. Select the Microsoft CA credential provider you previously configured in the Device Manager Options dialog box.
  6. Click Create.

This policy can now be deployed to iOS devices. For information, see Creating Deployment Packages