Apple Enterprise Network Requirements for SOTI MobiControl

Apple services fail any connection that uses HTTPS Interception or SSL Inspection. If the HTTPS traffic traverses a web proxy, disable HTTPS Interception for the hosts listed in the Apple documentation.

You can use Apple services through a proxy if you disable packet inspection and authentication for traffic to and from the listed hosts. Attempts to perform content inspection on encrypted communications between Apple devices and services result in a dropped connection to preserve platform security and user privacy.

An MDM solution must use a fully qualified domain name that can be resolved inside and outside the organization’s network. This lets the server manage devices whether they are connected locally or remotely. To maintain connectivity with clients, this domain name must not be changed. To configure your network for MDM, see Apple Platform Deployment.

You must bind a third-party commercial certificate, such as one issued by GlobalSign or Let’s Encrypt, to your server to verify the fully qualified domain name. Apple services do not trust internal self-signed certificates, so these certificates are not suitable.
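
The check below is an added example, not part of the SOTI or Apple documentation. It classifies the certificate a host presents as publicly issued, self-signed, or re-signed by an inspection proxy, which covers both the HTTPS interception and the certificate requirements above. The proxy CA name `Example Corp Proxy CA`, the `example.com` host names and the sample certificates are constructed assumptions.

```python
import socket
import ssl

# Constructed sample certificates in ssl.getpeercert() format (not real data).
PUBLIC = {"subject": ((("commonName", "mdm.example.com"),),),
          "issuer": ((("organizationName", "Example Public CA"),),)}
SELF_SIGNED = {"subject": ((("commonName", "mdm.example.com"),),),
               "issuer": ((("commonName", "mdm.example.com"),),)}
RE_SIGNED = {"subject": ((("commonName", "service.example.com"),),),
             "issuer": ((("organizationName", "Example Corp Proxy CA"),),)}


def classify_cert(cert, proxy_ca_names):
    """Classify a getpeercert() dict.

    proxy_ca_names: names of the inspection proxy's signing CA
    (site-specific; an assumption of this example).
    """
    if not cert:
        return "no-certificate"
    if cert.get("subject") == cert.get("issuer"):
        return "self-signed"
    # Flatten the issuer's relative distinguished names into plain values.
    issuer_values = {value for rdn in cert.get("issuer", ()) for _, value in rdn}
    if issuer_values & set(proxy_ca_names):
        return "intercepted"
    return "ok"


def check_host(host, proxy_ca_names, port=443, timeout=5):
    """Connect to host:port and classify the certificate it presents."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify_cert(tls.getpeercert(), proxy_ca_names)
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain, e.g. an internal self-signed certificate.
        return f"untrusted: {exc.verify_message}"
    except OSError as exc:
        # Includes DNS failure: the FQDN must resolve from this network.
        return f"unreachable: {exc}"


if __name__ == "__main__":
    proxy_cas = {"Example Corp Proxy CA"}
    for name, cert in [("public", PUBLIC), ("self-signed", SELF_SIGNED),
                       ("re-signed", RE_SIGNED)]:
        print(name, "->", classify_cert(cert, proxy_cas))
```

Run `check_host` for the MDM server name from both inside and outside the organization’s network, and for the hosts listed in the Apple documentation from behind the proxy; any result other than `ok` points to a requirement on this page that is not yet met.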

For the Apple Enterprise network requirements in the following areas, see the Apple documentation:
  • Device setup
  • Device management
  • Apple Business Manager
  • Software updates
  • App Store
  • Certificate validation