I should clarify my request a little better. I am using an MDM to manage iPads via MPLS. I am able to enroll the devices and apply the initial payload policies to the iPads, but once enrolled I can no longer update policies or remote lock the devices. I can still remove and reset the MDM agent or gather the GPS data etc. though. I'm assuming it is because I have something configured not quite right in relation to the iPads' communication over the MPLS.
I can put the device out on the internet and apply policies without issue.
Currently the iPads sit behind a proxy and have port 5223 open to APNS as per vendor documentation.
I cannot see any errors on the MDM agent logs, the MDM server or the firewall.
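As an added illustration (not code from this thread or from any MDM vendor), here is a small Python model of why enrollment can succeed while later commands stall: check-ins are device-initiated HTTPS requests, which a proxy can carry, but delivery of a queued command starts with an APNs push that needs the device's own outbound connection on port 5223. The PushMagic, UDID, Idle/Acknowledged statuses and the DeviceLock command follow Apple's MDM protocol as I know it; the APNs-reachability flag and all sample values are constructed for the example.

```python
# Constructed model of the MDM command cycle: the server queues a command,
# asks APNs to wake the device, and the device then polls the server over
# HTTPS. If the device never reaches APNs, the command just sits in the queue.
import plistlib
import uuid


class MdmServer:
    """Per-device command queue plus the push step that depends on APNs."""

    def __init__(self, push_magic, apns_reachable):
        self.push_magic = push_magic
        self.apns_reachable = apns_reachable  # constructed: port 5223 open or blocked
        self.queue = []
        self.results = {}
        self.last_push = None

    def enqueue_device_lock(self, message="Locked by IT"):
        cmd = {"CommandUUID": str(uuid.uuid4()),
               "Command": {"RequestType": "DeviceLock", "Message": message}}
        self.queue.append(cmd)
        # The push carries only the wake-up token; it reaches the device only
        # if the device holds its own persistent APNs connection.
        self.last_push = {"mdm": self.push_magic}
        return cmd["CommandUUID"], self.apns_reachable

    def checkin(self, device_plist):
        """Device-initiated PUT: Idle -> next command, Acknowledged -> record result."""
        msg = plistlib.loads(device_plist)
        if msg["Status"] == "Acknowledged":
            self.results[msg["CommandUUID"]] = msg["Status"]
        if self.queue:
            return plistlib.dumps(self.queue.pop(0))
        return b""  # empty body: nothing pending for this device


def device_poll(server, udid):
    """Device side: report Idle, run whatever command comes back, acknowledge it."""
    body = server.checkin(plistlib.dumps({"Status": "Idle", "UDID": udid}))
    if not body:
        return None
    cmd = plistlib.loads(body)
    ack = {"Status": "Acknowledged", "UDID": udid, "CommandUUID": cmd["CommandUUID"]}
    server.checkin(plistlib.dumps(ack))
    return cmd["Command"]["RequestType"]


def simulate(apns_reachable):
    """Returns (push_delivered, executed_request_type, still_queued, recorded_status)."""
    srv = MdmServer(push_magic="CONSTRUCTED-PUSHMAGIC", apns_reachable=apns_reachable)
    cmd_uuid, delivered = srv.enqueue_device_lock()
    # Only a delivered push wakes the device; otherwise nothing polls the server.
    executed = device_poll(srv, "CONSTRUCTED-UDID") if delivered else None
    return delivered, executed, len(srv.queue), srv.results.get(cmd_uuid)
```

With `apns_reachable=False` the DeviceLock command stays queued with no error logged anywhere, which matches the symptom of clean MDM and firewall logs; Apple also documents a fallback from TCP 5223 to TCP 443 for APNs, so both ports are worth checking from the iPad's own segment rather than from the proxy.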
The site name is a bit scary, but this pdf describes the MDM protocol.
"This paper describes how Apple’s MDM system works. It details the method by
which an MDM server initiates a connection to a managed device, how the device
enrolls with the server, and the various commands available to the system. Full
parameters are provided for each command, as well as details for specialized
responses from the device. Finally, source code is provided for a very simple MDM
server, that will permit basic experimentation with the MDM protocol using actual