Adding a Configuration Profile to Deploy the TMWS Certificate

Procedure

1. Create a profile file.
   • If you use the TMWS CA certificates, perform the following.
     Create a file, copy and paste the following text into the file, and then save it as <file name>.mobileconfig.

     <?xml version="1.0" encoding="UTF-8"?>
     <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
     <plist version="1.0">
     <dict>
     	<key>PayloadContent</key>
     	<array>
     		<dict>
     			<key>PayloadCertificateFileName</key>
     			<string>tmws_root_ca.cer</string>
     			<key>PayloadContent</key>
     			<data>
     			MIIDljCCAn6gAwIBAgIJANgOQ5e77nThMA0GCSqGSIb3DQEBCwUA
     			MFsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwC
     			Q1UxDjAMBgNVBAoMBVRSRU5EMQwwCgYDVQQLDANJV1MxFDASBgNV
     			BAMMC1RSRU5ELklXUy4yMB4XDTE5MDcwOTE1NTA0N1oXDTM5MDcy
     			NDE1NTA0N1owWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw
     			CQYDVQQHDAJDVTEOMAwGA1UECgwFVFJFTkQxDDAKBgNVBAsMA0lX
     			UzEUMBIGA1UEAwwLVFJFTkQuSVdTLjIwggEiMA0GCSqGSIb3DQEB
     			AQUAA4IBDwAwggEKAoIBAQCc1NKr7o9AaGW4C6nSKYzWvEvgJdHg
     			zQ/ehGwx1N/bLlbS01zNC5ceHUpd61BYIWNkHRKOuJVRK/ahN1CI
     			mp56PhcfpEAfxYVaiQXFDpgJws3eJbnaQkUv2NTu346zgkQkvheP
     			2yh5pbPOT3jn7x1MLfQJxzQVaIz969JqfBdYZzLttCmc6cLWUe8L
     			8OzFXb2XYb/E7ths58tDQ25+ZAAf+U7/pwZH4WE+9v+qBXfvbrkk
     			F9Z7H0wLQPLLmV9kY9p0B8soss6NzXk23qTuN3auYnU6CuS9W8eA
     			aoud42SDjyBt8Jd6VYb9fKWCcLOrfPfa9zvPcEhzGW/OEUrp/Bnl
     			AgMBAAGjXTBbMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFDlxXaRS
     			I/Qt89xkIrvz6ePrHifSMB8GA1UdIwQYMBaAFDlxXaRSI/Qt89xk
     			Irvz6ePrHifSMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
     			AQEAD+vHNJr/il0e7+3oxJyI/C8acoX9Yj1XYWRbsJP/9TUom1UZ
     			z2J45Ya8cS6Cvfa42V53B5FjfQ7IJXwJGi/hcqIy9p674kG922Ym
     			E6WolADsSgPis5rKu6IyqDH4v8qNIEbTveuHa7ECc+kMnn88NAjV
     			gxOt+4NNqIKdbSUvFSTB0x0TlC3FYLwT6wtitNyXUoxdN8bIcGgX
     			Ygwj4JG6qK4zLiws5aZByLQqY4Y2FQ0ZuzRhjkZQPEilhjyEu071
     			HP/S+ijY/jXdyCYn3ZlG5hNZF0hC0qfIySSsF6r7fHEoOqcxwT3J
     			PvrXU41htWXKzHGogIYll/xV8tzWjiRASg==
     			</data>
     			<key>PayloadDescription</key>
     			<string>Adds a CA root certificate</string>
     			<key>PayloadDisplayName</key>
     			<string>TREND.IWS.2</string>
     			<key>PayloadIdentifier</key>
     			<string>com.apple.security.root.293117E2-4DE5-449F-B21F-668C17945FA8</string>
     			<key>PayloadType</key>
     			<string>com.apple.security.root</string>
     			<key>PayloadUUID</key>
     			<string>293117E2-4DE5-449F-B21F-668C17945FA8</string>
     			<key>PayloadVersion</key>
     			<integer>1</integer>
     		</dict>
     		<dict>
     			<key>PayloadCertificateFileName</key>
     			<string>tmws_root_ca2.cer</string>
     			<key>PayloadContent</key>
     			<data>
     			MIIF6zCCA9OgAwIBAgIUY0MDIYl3oheMRUKqfHyVcx5d1gEwDQYJKoZIhvcNAQEL
     			BQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJDVTEUMBIG
     			A1UECgwLVHJlbmQgTWljcm8xDTALBgNVBAsMBFRNV1MxLzAtBgNVBAMMJlRyZW5k
     			IE1pY3JvIFdlYiBTZWN1cml0eSBDbG91ZCBSb290IENBMB4XDTIwMDgxNzA2NTky
     			MVoXDTQwMDkwMTA2NTkyMVowfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw
     			CQYDVQQHDAJDVTEUMBIGA1UECgwLVHJlbmQgTWljcm8xDTALBgNVBAsMBFRNV1Mx
     			LzAtBgNVBAMMJlRyZW5kIE1pY3JvIFdlYiBTZWN1cml0eSBDbG91ZCBSb290IENB
     			MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuHcSU43KYws7UxoyfH8R
     			cnaO0cr/HETn3npjrKxWy3+L8/RSPg/KjUgZhVIqcYgef40rsNoNrM67UwdRxlDp
     			r7qKT47PZFaIwMCpfqPFHYvnz7JlcomfeY576ksnMZ87X7ThK3ZqXAuuTUHeDUXe
     			p9QAWmPMJwq15xGfPf28AR8jEfF8V0xbFHbyMYQyKpzbPDUGAgiLgKGiDsYkEpi6
     			5FfOGNKHjauQ+s1BlO/j9MLtp2Jf9me27iSyluD+ATo93a7Z3vlHBIyazENhPG7y
     			Ja971DBy8FUhKWrrn1Nv2VBCT+4bVpKAvoIqhbFFytBcTRfq0dRMPmiB9ug2BjxD
     			ry5Uucko8jMT2aN96M+Jm5Rlaq9W/ci7jkVgwDAAPtGDum8Eyxt38CRkmfFcMpXM
     			OnPBdaDcvTXwIU+TSd2g8nJqHlD19Ijb1QuoRzA+45ByparF5/1QvPhd9nHKBUN+
     			foNZJXBXdKBPtycjjL+8zeS3KXA2qo5gn2B6BOsG67O4/4uAEqEB7WsLpdCaKk4z
     			rA5fiNyBarRsXY6ueuEnwkupxyswldzihj2/HNZtdk1pZQo9PIUe4PmuSoBJxvQw
     			yBJ+AI9hOJ6UpTsS/UX9ei0z87ZBiLKPh4zUjZtPzI4UQErv3QigG/v+fnMmhEAO
     			Y0lTQfpqWoBsADZyLwzpZh0CAwEAAaNjMGEwHQYDVR0OBBYEFBRXUcrpvwS0GfK1
     			BExFs5lWHd5tMB8GA1UdIwQYMBaAFBRXUcrpvwS0GfK1BExFs5lWHd5tMA8GA1Ud
     			EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBI
     			Yss8K8xKhzUbqyXJUYvj3Hn7vORhn/V7igI/GSS2qMrdwAf32tAJTNIUrMY4t953
     			JqKrq5riO+b8cWuiQ/uBBOdPgNNFrV18Rvha8A7EjRtMs6iqi+41fzsbD0A5yGi1
     			f1QdKVCQDjGvwh1/TO+foQEk+2A2P1/SwiRatfL4KndaW1MJdmE04XnWgvdxut+j
     			gxLO4G5ZnsMCALE2XxK1Ocro1wBuC46V35R4WqX446GHWw45VQhM+Ffj+yuCWzK9
     			bv6CTo+PDChOiiTEWjL/OR7a2Q4hN0nk3T0sdz+HAQ38IepDrf+Yb5y6TGpn00Oy
     			zuXYBXUH6PpHIK+Ds6Ekvm9A3v0TyRg4XCc3ZzGyQvKRhkEuf68V67W511yOLOvL
     			zOKUGh92JnHtyweN8CWeaG412UEWYKhJqTpAoz7DRBqBS3Iz5xZb+lDFmOSoqIQp
     			OJQRNLnWH+8RD9rRQcer+aze+7QqzJs7l9k7XTtwAYbfzh3ILKUn/WYYHcyI/oU8
     			rbUkypejehCoTUCMIQf7nhe+z+JjaXGbCPc5meCIvKJexvzrEt8FtNO4Xqy6dnwh
     			aI0qeRa3qKnIlWSlss03Yjv3VrboNQAdeLqX9lE+Esx3D493JxZCFOkI37IYSGtw
     			Ja1Ww/+3VAszyyrIU5j702NqLJGFcX18LGC404RYeg==
     			</data>
     			<key>PayloadDescription</key>
     			<string>Adds a CA root certificate</string>
     			<key>PayloadDisplayName</key>
     			<string>Trend Micro Web Security Cloud Root CA</string>
     			<key>PayloadIdentifier</key>
     			<string>com.apple.security.root.54DAAE8F-9FA8-420E-BADE-6238B585396B</string>
     			<key>PayloadType</key>
     			<string>com.apple.security.root</string>
     			<key>PayloadUUID</key>
     			<string>54DAAE8F-9FA8-420E-BADE-6238B585396B</string>
     			<key>PayloadVersion</key>
     			<integer>1</integer>
     		</dict>
     	</array>
     	<key>PayloadDisplayName</key>
     	<string>TMWS ca</string>
     	<key>PayloadIdentifier</key>
     	<string>2020.15D12E18-1B48-4D63-8C98-47E9E33D6B7F</string>
     	<key>PayloadRemovalDisallowed</key>
     	<false/>
     	<key>PayloadType</key>
     	<string>Configuration</string>
     	<key>PayloadUUID</key>
     	<string>D86D70A5-87F2-4352-A9A8-DCD608EEF391</string>
     	<key>PayloadVersion</key>
     	<integer>1</integer>
     </dict>
     </plist>

   • If you have cross-signed your organization's own CA certificate with the CSR file provided by Trend Micro, perform the following.
     1. Open your organization's CA certificate and locate the certificate content.

        -----BEGIN CERTIFICATE-----
        #your organization's certificate content#
        -----END CERTIFICATE-----

     2. Create a file with the following text and then save it as <file name>.mobileconfig.

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        	<key>PayloadContent</key>
        	<array>
        		 <dict>
        			<key>PayloadCertificateFileName</key>
        			<string>#your organization's certificate file name#</string>
        			<key>PayloadContent</key>
        			<data>
        			#your organization's certificate content#
                                </data>
        			<key>PayloadDescription</key>
        			<string>Adds a CA root certificate</string>
        			<key>PayloadDisplayName</key>
        			<string>#Customize a name#</string>
        			<key>PayloadIdentifier</key>
        			<string>com.apple.security.root.293117E2-4DE5-449F-B21F-668C17945FA8</string>
        			<key>PayloadType</key>
        			<string>com.apple.security.root</string>
        			<key>PayloadUUID</key>
        			<string>293117E2-4DE5-449F-B21F-668C17945FA8</string>
        			<key>PayloadVersion</key>
        			<integer>1</integer>
        		</dict>
        	</array>
        	<key>PayloadDisplayName</key>
        	<string>Company ca</string>
        	<key>PayloadIdentifier</key>
        	<string>2020.15D12E18-1B48-4D63-8C98-47E9E33D6B7F</string>
        	<key>PayloadRemovalDisallowed</key>
        	<false/>
        	<key>PayloadType</key>
        	<string>Configuration</string>
        	<key>PayloadUUID</key>
        	<string>D86D70A5-87F2-4352-A9A8-DCD608EEF391</string>
        	<key>PayloadVersion</key>
        	<integer>1</integer>
        </dict>
        </plist>

     3. Replace the value of the following keys in the file.
        • <key>PayloadCertificateFileName</key>: Your organization's certificate file name.
        • <key>PayloadContent</key>: Your organization's certificate content.
        • <key>PayloadDisplayName</key>: Customize a name as necessary.
     4. Save the file.
2. Create a profile in the Microsoft Endpoint Manager admin center.
   1. In the Microsoft Endpoint Manager admin center, go to Devices → iOS/iPadOS → Configuration profiles, and then click Create profile.
   2. On the Create a profile screen, set the following parameters and click Create.
      • Profile type: Select Templates.
      • Template name: Select Custom.
   3. On the Custom screen that appears, specify a name for the profile on the Basics tab and click Next.
   4. On the Configuration settings tab that appears, specify a name for the configuration profile, upload the configuration profile file created in step 1, and then click Next.
   5. On the Assignments tab, click Add groups, Add all users, or Add all devices under Included groups to assign the TMWS Agent app to your users.

      Note If you select Add group, make sure you select the same group or groups in the app information configuration, configuration policies, and configuration profiles for the TMWS Agent app for iOS/iPadOS.

   6. Click Next.
   7. On the Review + create tab that appears, confirm the information you specified and click Create.
      The policy is successfully added to Intune and listed on the Configuration profiles screen.