In an effort to simplify the end-user experience on iOS devices, Citrix will be changing the MDM enrollment steps for all Citrix Endpoint Management (CEM) cloud customers provisioned before 2019.
Currently all Citrix cloud CEM customers install two MDM profiles when enrolling an iOS device in MDM or MDM+MAM modes. These profiles perform two functions:
- Install Server CA Certificate (see below for further description)
- Install MDM management profile
With the changes, the CA Profile in the screenshot below will no longer be required for the user to install.
Historically, Citrix installed this profile for flexibility in using unsigned and signed certificates. Because all Citrix cloud deployments use trusted certificates, this profile is no longer needed.
Recommended Server Configuration
To install the necessary profiles, Citrix recommends setting the server property ios.mdm.enrollment.installRootCaIfRequired to false for XenMobile on-premises customers. The default value is true. Making this change will use an in-app Safari presentation to install the profiles.
Citrix Endpoint Management cloud customers will be automatically adjusted by Citrix cloud operations. Below is a screenshot of this property for on-premises customers:
Customers should begin the process of updating their end-user documentation to account for the Root CA profile no longer being deployed.
Preparing for the Future
We’re making these changes to remove any unnecessary clicks for the end user and make this easier for you. In addition, we’re preparing for future changes to the MDM enrollment process that Apple has been testing in iOS 12 betas that will require users to manually accept profile installation. If enacted, the change will require end users to manually go into iOS Settings -> General -> Profiles, select the MDM profile, and click install.
This is a departure from the current process, where the OS presents the profile automatically for the user to install, and we are working to identify a way to address this update.
For more information on what’s coming from Apple, visit https://support.apple.com/en-us/HT209435.
Citrix recognizes that these changes will impact the user-onboarding process, and we are committed to helping you manage your Citrix environment and maintain a simple and superior user experience.
