Mobile Device Manager (MDM) Enrollment Server provides the services that are required to enable a Windows Mobile device to join the managed device environment.

The following illustration shows the architecture of MDM Enrollment Server.

The MDM Enrollment Server has the following components:

MDM Enrollment Server provides a protected over-the-air (OTA) process to request and retrieve certificates for Windows Mobile devices. To help protect against malicious attacks, MDM Enrollment Server uses shared-secret encryption to perform protected enrollment over nonsecure connections, such as public General Packet Radio Service (GPRS) or other mobile data networks. This lets users enroll their devices without having to cradle them and without having physical access to the company network.

Regardless of the size of your organization, the enterprise requires only one MDM Enrollment Server. If your company has to support the concurrent enrollment of thousands of Windows Mobile devices, treat MDM Enrollment Server like a server that is running IIS. In this scenario, follow the best practices for any IIS instance: scale MDM Enrollment Server according to the expected traffic load, and protect it or add a proxy.

For more information about how MDM Enrollment Server enrolls a Windows Mobile device into the managed environment, see Device Enrollment with MDM.