I have been talking with Ron allready about it.

A: Why does the certificate request has to be handled from within IIS and pass on towards a customer rep. (webbased or otherwise), an openssl script should do the trick, upload crt to apple, download the mdm certificate and install it into ZMM. Other vendors like Mobileiron can do it, ZMM should handle it the same way.
B: Why is the need for an official certificate needed, a self signed certificate could work as well. Other vendors are doing it with self signed certificates, mobileiron, zenprise and so on.
C: Why does the ZMM console and iOS client not fully use the Apple notification service. If a user does reset it's ipad and forget to re-register with ZMM, the admin is lost in space. Other vendors have buildin support for admin to directly notify the user or let the iOS app keep on bugging the user that he has forgotten to register with ZMM.
D: why isn't the policy setup not exactly the same as with ZCM? Or device based/group devices/container based or user/group/ou based?
E: why isn't the samsung professional management api not used?
F: Why isn't there an text message option available like with other vendors?
G: why isn't there an ACL option for the webaccess options, for instance, i can't block the admin url for the internet.

Lot more could be asked for, but these are my main concerns at the moment.
I know, lots of why's but then again, if you don't ask, you won't get any...