Deploying the TMWS Agent App on iOS/iPadOS

Procedure

1. Go to Administration → SERVICE DEPLOYMENT → Enforcement Agent.
2. On the Enforcement Agent page, configure the following settings:
   • Agent platform: Select iOS/iPadOS.
   • Hosted PAC file: Select a PAC file from the drop-down list.
     TMWS provides a default PAC file for use on iOS/iPadOS. The PAC files already created on the PAC Files screen are also listed. For more information on adding a PAC file, see PAC Files.

     Note Once selected, the PAC file will be used in the TMWS Agent app. If you modify the content of the selected PAC file or choose another PAC file, it will take a few minutes for the update to take effect. If there are users who encounter network connection issues because of this, instruct them to disconnect and re-connect in the TMWS Agent app.

   • Company token: Click Generate Company Token to generate a token if you deploy the TMWS Agent app through Microsoft Intune.

     Note This action generates a new token for the TMWS Agent app on both iOS/iPadOS and Android. You need to update the token in Microsoft Intune for the app on both platforms.

3. Choose one of the following to deploy the TMWS Agent app to the required Apple devices.
   • If you do not use Microsoft Intune for mobile device management (MDM), perform the following:
     1. Check whether your domain is already in use by another organization: go to Administration → SERVICE DEPLOYMENT → PAC Files and check whether A unique port has been assigned is displayed on the page.
        If yes, go to Administration → SERVICE DEPLOYMENT → Enforcement Agent, click iOS/iPadOS, provide the user portal QR code on this screen to users, and instruct users to scan the QR code to get the user portal address.
     2. Provide the TMWS cloud root CA certificate for the users to get or download to their Apple devices.
     3. Instruct users to visit Configuring iOS/iPadOS Devices Through the TMWS Agent App for how to install and configure the TMWS Agent app on their devices.

        Note If the existing HTTPS decryption rules apply to the domains accessed by apps, the iOS/iPadOS 15 users may encounter problems when using these apps, such as failure to open an app. To solve the problems, you need to add the domains accessed by these apps to the SkipHosts variable of the PAC file in use. For details about how to edit the PAC file, see Configuring A PAC File.

   • If you use Microsoft Intune, perform the following:
     1. Enroll the managed iOS/iPadOS devices into Microsoft Intune.
        For more information, see the Microsoft documentation.

        Important Because the TMWS Agent app requires user affiliation, make sure you have enrolled the devices with user affinity.

     2. Add the TMWS Agent app to Microsoft Intune.
     3. Add an app configuration policy for the managed iOS/iPadOS devices.
     4. Add a configuration profile to deploy the TMWS VPN.
     5. Add a configuration profile to deploy the TMWS certificate.
     6. Configure the TMWS Agent app on the managed iOS/iPadOS devices.

     Note After the deployment is completed, if you modify any of the following Microsoft Intune settings, instruct your users to open the TMWS Agent app on their devices for the settings to be applied: Settings listed in step 4 of Adding an App Configuration Policy Settings listed in step 4 of Adding a Configuration Profile to Deploy the TMWS VPN