MDM Profile Signing
You can optionally sign the MDM profile.
When a signed profile is installed on a user device during MDM enrollment, the device will be able to verify the chain of trust and will display the MDM profile as "Verified".
To sign the profile:
- In the Configuration Manager console, navigate to Administration/ Overview / Parallels Mac Management / Mobile Device Management / MDM Service.
- Right-click MDM Service in the right pane and choose Configure Signing.
- The Signing Certificate Properties dialog opens. In the dialog, click the Configure button.
- The Signing Certificate Configuration Wizard opens.
- On the first page of the wizard, select the Enable Signing option.
- In the Certificate file field, specify a certificate file. If the certificate file is password-protected, specify the password.
- Select the Ensure that the certificate can be verified on a Mac computer to install the root certificate of the signing certificate as trusted on a Mac computer or Apple mobile device during MDM enrollment. If the certificate that you are using is from a publicly-trusted CA, then the root certificate should be already installed on a device, in which case you don't have to install it.
- Click Next and complete the wizard.
Please note that previously enrolled devices will not get the signed profiles automatically. The existing profiles will continue to function, but will be displayed on a device as "Not verified".