[MS-MDE2]: Mobile Device Enrollment Protocol Version 2
|
This topic lists the Errata found in [MS-MDE2] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to these RSS or Atom feeds to receive update notifications. Errata are subject to the same terms as the Open Specifications documentation referenced. |
|
|---|
To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:
October 16, 2015 - Download
June 30, 2015 - Download
July 18, 2016 - Download
September 15, 2017 - Download
Errata below are for Protocol Document Version V2.0 – 2017/09/15.
|
Errata Published* |
Description |
|---|---|
|
2017/09/25 |
In three sections the text has been changed to add normative definitions of these named attributes and their values.
In Section 3.4.4.1.1.1.1, RequestSecurityToken using Federated Authentication, changed from:
The following eight elements are supported in an implementation-specific manner.<14>
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "Locale".
ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that specifies the locale of the device.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "HWDevID".
ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a 64-hex character length UTF-8 string that specifies the hardware device ID.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "BulkAADJ". This attribute will be present only if the enrollment is taking place as part of Bulk Azure Active Directory Join.
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and MUST be the literal string “true” indicating that the enrollment is taking place as part of Bulk Azure Active Directory Join.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ZeroTouchProvisioning". This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning.
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that represents a GUID used by Zero Touch Provisioning.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "UXInitiated".
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and MUST be boolean value that indicates whether the enrollment is user initiated from the Settings page.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ExternalMgmtAgentHint".
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string the agent uses to give hints the enrollment server may need.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "DomainName". ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string specifying the fully qualified domain name, if the device is domain-joined.
<14> Not supported in Windows 10 v1607 and earlier releases of the Windows 10 operating system. In addition, the values UxInitiated, ExternalMgmtAgentHint, and DomainName are not supported in Windows 10 v1703 operating system and earlier releases of the Windows 10 operating system.
Changed to:
The following sixteen elements are supported in an implementation-specific manner.<14>
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "Locale".
ac:Value: The <ac:Value> element MUST be a child of< ac:AdditionalContext> and the value is a UTF-8 string that specifies the locale of the device.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "HWDevID".
ac:Value: The <ac:Value> element MUST be a child of< ac:AdditionalContext> and the value is a 64-hex character length UTF-8 string that specifies the hardware device ID.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "BulkAADJ". This attribute will be present only if the enrollment is taking place as part of Bulk Azure Active Directory Join.
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and MUST be the literal string “true” indicating that the enrollment is taking place as part of Bulk Azure Active Directory Join.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ZeroTouchProvisioning". This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning.
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that represents a GUID used by Zero Touch Provisioning.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "UXInitiated".
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and MUST be boolean value that indicates whether the enrollment is user initiated from the Settings page.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ExternalMgmtAgentHint".
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string the agent uses to give hints the enrollment server may need.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "DomainName". ac:Value: If included, this< ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string specifying the fully qualified domain name, if the device is domain-joined. ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "BootstrapDomainJoin". ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and MUST be a boolean value that indicates whether a hint will be sent when attempting to Domain Join during OOBE. The MDM can use this hint to send down any Domain Join information and connectivity profiles to the domain that it needs.
<14> Not supported in Windows 10 v1607 and earlier releases of the Windows 10 operating system. In addition, the values UxInitiated, ExternalMgmtAgentHint, DomainName, and BootstrapDomainJoin are not supported in Windows 10 v1703 operating system and earlier releases of the Windows 10 operating system.
In Section 3.4.4.1.1.1.2, RequestSecurityToken using Certificate Authentication, changed from:
The following six elements are supported in an implementation-specific manner.<15>
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "Locale".
ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that specifies the locale of the device.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "HWDevID".
ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a 64-hex character length UTF-8 string that specifies the hardware device ID.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ZeroTouchProvisioning". This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning. ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that represents a GUID used by Zero Touch Provisioning.
<15> Not supported in Windows 10 v1607 and earlier releases of the Windows 10 operating system.
Changed to:
The following twelve elements are supported in an implementation-specific manner.<15> ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "Locale". ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that specifies the locale of the device. ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "HWDevID". ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a 64-hex character length UTF-8 string that specifies the hardware device ID. ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ZeroTouchProvisioning". This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning. ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that represents a GUID used by Zero Touch Provisioning. ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "UXInitiated". ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and MUST be boolean value that indicates whether the enrollment is user initiated from the Settings page. ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ExternalMgmtAgentHint". ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string the agent uses to give hints the enrollment server may need. ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "DomainName". ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string specifying the fully qualified domain name, if the device is domain-joined.
<15> Not supported in Windows 10 v1607 and earlier releases of the Windows 10 operating system. In addition, the values UxInitiated, ExternalMgmtAgentHint, and DomainName are not supported in Windows 10 v1703 operating system and earlier releases of the Windows 10 operating system.
In Section 3.4.4.1.1.1.3, RequestSecurityToken using On-Premise Authentication, changed from:
The following eight elements are supported in an implementation-specific manner.<16> ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "Locale". ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that specifies the locale of the device. ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "HWDevID". ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a 64 hex character length UTF-8 string that specifies the hardware device ID. ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "BulkAADJ". This attribute will be present only if the enrollment is taking place as part of Bulk Azure Active Directory Join. ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and MUST be the literal string “true” indicating that the enrollment is taking place as part of Bulk Azure Active Directory Join. ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ZeroTouchProvisioning". This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning. ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that represents a GUID used by Zero Touch Provisioning.
<16> Not supported in Windows 10 v1607 and earlier releases of the Windows 10 operating system.
Changed to:
The following twelve elements are supported in an implementation-specific manner.<16> ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "Locale".
ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that specifies the locale of the device.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "HWDevID".
ac:Value: The <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a 64 hex character length UTF-8 string that specifies the hardware device ID.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ZeroTouchProvisioning". This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning.
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string that represents a GUID used by Zero Touch Provisioning.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "UXInitiated".
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and MUST be boolean value that indicates whether the enrollment is user initiated from the Settings page.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "ExternalMgmtAgentHint".
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string the agent uses to give hints the enrollment server may need.
ac:ContextItem/attributes/Name: The <ac:ContextItem> Name attribute MUST be the literal string "DomainName".
ac:Value: If included, this <ac:Value> element MUST be a child of <ac:AdditionalContext> and the value is a UTF-8 string specifying the fully qualified domain name, if the device is domain-joined.
<16> Not supported in Windows 10 v1607 and earlier releases of the Windows 10 operating system. In addition, the values UxInitiated, ExternalMgmtAgentHint, and DomainName are not supported in Windows 10 v1703 operating system and earlier releases of the Windows 10 operating system. |
*Date format: YYYY/MM/D