To enroll and manage iOS/macOS devices in Endpoint Manager, you need to create an Apple MDM Push Certificate. These certificates expire 365 days after you create them and must be renewed manually in the Endpoint Manager portal.
You will receive a notification email 30 days before the Apple MDM Push Certificate expires. It’s strongly recommended to renew the certificate before the expiration date.
If you don’t renew the certificate in time, you will need to re-enroll all Apple devices. In a lab environment, this can be done easily, but in a production environment with hundreds or thousands of devices, this could be a nightmare.
This post will describe how to renew the Apple MDM Push Certificate in Endpoint Manager.
Besides the expiration email, you can check whether your certificate is expired, and see its expiration date, in the Endpoint Manager portal.
- In the Endpoint Manager Portal
- Click Devices / iOS/iPadOS Enrollment and select Apple MDM Push Certificate
Another sign that your Apple MDM Push Certificate is expired is that users can’t access company resources, because the default compliance policy will block them.
If you try to enroll a device, the Company Portal will show an error:
Couldn’t add your device. Contact your IT Admin for assistance with this issue. APNSCertificateNotValid
Renew Apple MDM Push Certificate in Endpoint Manager
Hopefully, you found out before your certificate expired…right??… For this post, our certificate has been expired for a while. The procedure to renew the Apple MDM Push Certificate in Endpoint Manager is still the same.
So this is how to do it :
- In the Endpoint Manager Portal
- Click Devices / iOS/iPadOS Enrollment and select Apple MDM Push Certificate
- In the Configure MDM Push Certificate pane
- Check the agreement in #1
- In the second step (#2), click on Download your CSR. A file will download in your browser. Keep this file for the next step
- On the third step (#3), click on Create your MDM Push Certificate
- You’ll be redirected to the Apple Push Certificates Portal
- Login using the Apple ID used to create the certificate in the first place
- In the Certificate Portal, select your Mobile Device Management Certificate and click Renew
- In the Renew Push Certificate Portal, click the Choose file button and provide the Intune.CSR file that you’ve downloaded in the previous step
- Click Upload
- On the next page, click Download. The MDM_ Microsoft Corporation_Certificate.pem file will download. Keep this file for the next steps.
- Back in the Endpoint Manager Portal
- Complete step 4 by entering your Apple ID
- Complete step 5 by entering the MDM_ Microsoft Corporation_Certificate.pem that you just downloaded
- Click Upload at the bottom
Once completed, refresh the page and look at the top of the pane. Your certificate should show ACTIVE and Days until expiration should show 365.
You’ve successfully renewed the Apple MDM Push Certificate in Endpoint Manager. If the certificate had expired, you can now re-enroll your devices. If the certificate was still valid before the renewal, there is nothing else to do on your Apple devices.
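The same status and day count can be verified, and monitored on a schedule, with the Microsoft Graph PowerShell SDK. This is an added example, not code from the original post; it assumes the Microsoft.Graph module is installed and that the signed-in account holds the DeviceManagementServiceConfig.Read.All permission.

```powershell
# Added example: read the Apple MDM Push Certificate through Microsoft Graph and
# compute the "Days until expiration" value that the Endpoint Manager portal shows.
# Assumes the Microsoft.Graph PowerShell SDK is installed and the account has the
# DeviceManagementServiceConfig.Read.All permission.
Connect-MgGraph -Scopes "DeviceManagementServiceConfig.Read.All"

$uri  = "https://graph.microsoft.com/v1.0/deviceManagement/applePushNotificationCertificate"
$cert = Invoke-MgGraphRequest -Method GET -Uri $uri

$expires  = ([datetime]$cert.expirationDateTime).ToUniversalTime()
$daysLeft = [int][math]::Floor(($expires - (Get-Date).ToUniversalTime()).TotalDays)

# Summary of the certificate as returned by Graph
[pscustomobject]@{
    AppleId  = $cert.appleIdentifier
    Topic    = $cert.topicIdentifier
    Serial   = $cert.certificateSerialNumber
    Expires  = $expires
    DaysLeft = $daysLeft
}

# Mirror the 30-day notification window so a scheduled run can raise an alert
# before the renewal deadline, instead of discovering it from failed enrollments.
if ($daysLeft -lt 0) {
    Write-Warning "Apple MDM Push Certificate EXPIRED $(-$daysLeft) day(s) ago; Apple enrollments will fail with APNSCertificateNotValid."
} elseif ($daysLeft -le 30) {
    Write-Warning "Apple MDM Push Certificate expires in $daysLeft day(s); renew it in the Endpoint Manager portal."
} else {
    Write-Host "Apple MDM Push Certificate is ACTIVE; $daysLeft day(s) until expiration."
}
```

Right after a successful renewal the script should report a value close to 365, matching the portal.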
Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intune deployments.