This POC code is to showcase the possibilities of MDM as desired state.
The code provided here is not intended for production use. Deploying this to your machines could result in the leaking of data. These API's are extremely powerful and could potentially result in the loss of MDM management on all of your devices.
Currently, MicroMDM's API should be thought of as an "internal/server API". This means that the api was designed for interacting with the server configurations.
While it can be used/abused for this POC, deploying this to your devices means that devices could potentially change any MDM configuration on your server.
The POC comes with a few global variables to set. These variables are documented in the binary.
- authorization
- baseurl
- airwatch
- micromdm
You cannot specify both airwatch
and micromdm
- airwatchtenantcode
- cachecomputerid
- validateprofiles
- localtest
- ensure the binary is marked as an executable
chmod a+x ./poctool/profiles
- copy it to /usr/local/bin
sudo cp -r ./poctool/profiles /usr/local/bin
After installation, any subsequent chef-runs will immediately use the binary. If you would like to test a profile, simply delete a profile already installed via chef.
Since this was designed to abuse chef, specific arguments must be passed. There are certainly edge cases here.
/usr/local/bin/profiles -I -F /path/to/your.mobileconfig
/usr/local/bin/profiles -Rp profileidentifier
/usr/local/bin/profiles -Po stdout-xml
- If you attempt to remove a profile that is installed locally, it will fail. Please use
/usr/bin/profiles -Rp identifier
instead. A future version of this poc may handle this natively. - If you have scripts (or manually) invoke
profiles
using it's relative path, this tool will take over it's use. More than likely you will receive an error:profiles: error: no such option: %option
- Currently this feature is only available in AirWatch console version 9.1 -> 9.3.
- As of AirWatch 9.3, attempting to install a profile payload greater than 2,000 characters will result in a failure. If your profile is too large for installation, it will be installed locally on the device. This limitation will be removed entirely in a future version of AirWatch.
- As of MicroMDM 1.2, there is a bug in the API for profile removals. This will be fixed in a future version of MicroMDM.
- As of MicroMDM 1.2, attempting to install a profile payload greater than 10,000 characters will result in a failure. If your profile is too large for installation, it will be installed locally on the device. This will be raised to 100,000 characters in a future version of MicroMDM.