Windows Phone 8.1 MDM Push functionality

Here is an attempt to provide a brief overview of Windows Phone 8.1 MDM Push functionality.

In Windows Phone 8, the MDM (OMA-DM) client periodically polls the management server to check if there are new policies or instructions.The polling interval can be configured by the MDM. Starting in Windows Phone 8.1, in addition to polling,DMClient supports the ability to configure Push initiated device management sessions,to perform near real-time operations for payloads that are considered time-critical e.g. device wipe or lock. Utilizing Windows Notification Service (WNS), a management server can request a device to establish a management session with the server through a push notification.

How can we make use of this functionality?

You can use Push to perform Remote Wipe, to deploy WAP,VPN certificates, install LOB application update and provide renewed certificate.

What are the steps required to configure MDM Push functionality?

1.  Obtain Push credentials using the following steps:

Start by visiting Windows Dev Center https://dev.windows.com/en-us and sign in using developer account.

Reserve an application name by selecting "Submit an app" and "App name".   Make sure you never delete this App, or your push notification credentials will be invalidated.

 

 

Next Select "services" and "Live Services Site" as shown below.

 
  
 

You can find the PackageSID and Client Secret in the "App Settings". These are required to send push notifications from server.

 

 

 

 
2. Generate PFN ,Package Family Name

a.In Visual Studio 2013, create a Windows 8.1 Store Project

b. From the Project menu select “Store” then “Associate App with the Store…”

c. In Visual Studio, select Build -> Deploy Solution.

In the console output, there will be a reference to the Package Full Name.  This is the superset of the PFN that you should send to the device 

------ Build started: Project: App1, Configuration: Debug Any CPU ------ 

  App1 ->
c:\users\<username>\documents\visual studio 2013\Projects\App1\App1\bin\Debug\App1.exe

------ Deploy started: Project:App1, Configuration: Debug Any CPU

 ------ Creating a new clean layout...Copying files: Total <1 mb to layout... Registering the application to run
from layout

... Deployment complete. Full package name: 52314Publisher.TestWNS_1.1.0.0_x86__t6e9vsyjkrw9w

   
52314Publisher.TestWNS_1.1.0.0_x86__t6e9vsyjkrw9w

Please remove this section with the app version and instead just use the portion in the below format for PFN 

52314Publisher.TestWNS_t6e9vsyjkrw9w

d. Convert the above PFN to lower case before sending it to the device.

 52314publisher.testwns_t6e9vsyjkrw9w

 

3.Set PFN using DMClient CSP on devices .

 MDM server should query the Channel Uri and status properties on subsequent sync sessions.

4.Next step is to send Push notification

MDM Server authenticates with WNS server as described in the following article and receives access token. After retrieving access token server has to POST a Raw notification to the Channel Uri

https://msdn.microsoft.com/en-us/library/windows/apps/hh913756.aspx#authenticating_your_cloud_service

  • The HTTP Content-Type header must be set to"application/octet-stream".
  • The HTTP X-WNS-Type header must be set to "wns/raw".
  • The Authorization header must be set to the AccessToken obtained in the previous step.
  • The notification body can contain any string payload smaller than 5 KB in size.
    (Note: The body content is ignored but you must still send a small payload.)
  • The Content-Length must equal the number of  bytes in the body.

 

How it Works?

1. When an MDM Server enables push , server sends PFN using DMClient CSP during an OMA-DM session. The PFN gets used to register for push notifications with the WNS Client .Along with registering with the WNS Client the DMClient also requests a channel URI. The WNS Client communicates with the WNS server to get a channel URI. The WNS Client returns the Channel URI to the DMClient. During the same OMA-DM session the MDM server requests the URI which gets delivered by DMClient . We recommend that the MDM server checks for an updated channel Uri on every new OMA-DM session

2. When an MDM server wants to start a push command, server sends an HTTP post to the channel URI which is the WNS Server .WNS server resolves who the notification is for and communicates with the appropriate WNS Client .The WNS Client then signals Event whose name was given during PFN registration which triggers a task to handle the Notification. The Notification handler proceeds to start a new OMA-DM session.

Hope this helps.

Follow the Windows Store Developer Solutions team on Twitter @wsdevsol.