Data flow: Activating a 

macOS

 device

 You make sure that the user has a 

BlackBerry UEM

 user account and the login information for 

BlackBerry UEM Self-Service

, including:

Web address for 
BlackBerry UEM Self-Service
Username and password
Domain name

The user logs in to 

BlackBerry UEM Self-Service

 on their 

macOS

 device and activates the device.

The device sends an activation request to 

BlackBerry UEM

 on port 443.

BlackBerry UEM

 provides the MDM profile to the device. This profile contains the MDM activation URL and the challenge. The MDM profile is wrapped as a PKCS#7 signed message that includes the full certificate chain of the signer, which allows the device to validate the profile. This triggers the enrollment process.

The native MDM Daemon on the device sends the device profile, including the customer ID, language, and OS version, to 

BlackBerry UEM

.

BlackBerry UEM

 validates that the request is signed by a CA and responds to the native MDM Daemon with a successful authentication notification.

The native MDM Daemon sends a request to 

BlackBerry UEM

 asking for the CA certificate, CA capabilities information, and a device issued certificate.

BlackBerry UEM

 sends the CA certificate, CA capabilities information, and the device issued certificate to the native MDM Daemon.

The native MDM Daemon installs the MDM profile on the device.

BlackBerry UEM

 acknowledges that the MDM activation is complete.

The device requests all configuration information.

BlackBerry UEM

 stores the device information in the database and sends configuration information to the device.

The device sends an acknowledgment to 

BlackBerry UEM

 that it received and applied the configuration information. The activation process is complete.