I am planning for hundreds of iPad devices that should enroll into MDM using a DEP certificate setting, but the network in use inspects SSL/TLS traffic using a man-in-the-middle technique in order to decide if outgoing traffic is allowed or not.
Will this inspection prevent enrollment?
Best Answer
The DEP program as well as iOS security design out of the box will likely foil your attempts to enroll a device using networks where you need to install custom CA/certificates.
This is documented at https://www.apple.com/business/dep/ and https://ssl.apple.com/business/docs/DEP_Guide.pdf, and I would reach out to your Apple contact that established your "sold to" account for assistance in this.
I wouldn't want to surprise Apple with what you're doing and risk them shutting down your DEP. Also, they have engineers that can guide you if other large customers have the same "inspection" needs that you do and there are either undocumented ways to get around the design or otherwise clear only the initial traffic to Apple and then inspect things once the devices are enrolled.
You will have detailed legal agreements with Apple when you sign up for DEP, so you'll want to read through them as well. Since Apple vets organizations quite thoroughly, you can probably get excellent help directly from Apple if you've already jumped through all the hoops to be qualified for DEP in the first place.