Renewing Your Apple MDM Certificate for Intune
It was the day before your Apple Push Certificate expired, and you had been putting this off for exactly 365 days. But here we are, faced with the reality that we need to manually renew this certificate. Thank you, Apple, for the email reminder. Well, fear no more! I’ve broken down this guide step by step to serve as a refresher from last year. If you are like me and have less than 24 hours to get this renewed, let’s get to it.
Reminder for Your Apple MDM Certificate Renewal
Why Is It Important to Renew an Apple Push Certificate?
The Apple MDM Push certificate is essential for managing iOS/iPadOS/macOS devices in Microsoft Intune. This certificate must be renewed annually to maintain device management capabilities. It enables devices to enroll using the Company Portal app and Apple bulk enrollment methods such as the Device Enrollment Program, Apple School Manager, and Apple Configurator.
To ensure continuous management, the certificate must be renewed every 365 days through the Apple Push Certificates Portal and Intune. After the certificate expires, a 30-day grace period is provided for renewal.
Prerequisites for Renewing Your Apple MDM Certificate for Intune
- Apple ID Credentials used to create the MDM Push Certificate
Tip: Create a shared account, such as certificates@contoso.com, for certificate renewals. This ensures that if a team member leaves, you won’t need to recreate the MDM Push certificate and re-enroll all your devices with a new one. Ensure that multiple people have access to the Apple ID credentials and can complete the Multi-Factor Authentication prompt from Apple, if it is required in your environment.
Step by Step: How to Renew Your Apple MDM Certificate for Intune
Go to intune.microsoft.com > Devices > iOS/iPadOS.
Click on iOS/iPadOS enrollment, then on Apple MDM Push certificate.
The Apple MDM Push Certificate page shows the current status of the certificate, the Apple ID used to upload it, the days until expiration, the expiration date, and so on.
Click on Download your CSR, which is required to renew the Apple MDM Push Certificate.
You should see the CSR file download. Keep this handy; it will be important later.
Apple Push Certificates Portal
After the file has successfully downloaded, visit the Apple Push Certificates Portal at https://identity.apple.com/pushcert and log in with the credentials you used to create the certificate. Click on Renew for the expired (or soon-to-be-expired) certificate.
Important: Do not create a new certificate. If you create a new certificate, you will have to re-enroll your devices. While this might be manageable if you have only two devices, it can be a nightmare when managing several thousand devices.
Click on Choose File to add that CSR file that I mentioned above.
Find that CSR file—in my case, it’s called IntuneCSR.csr.
Click on Upload.
Once confirmed, click on Download to get the new push certificate, which will be named MDM_Microsoft Corporation_Certificate.pem. We will upload this new certificate to our Intune portal.
Now head back to https://intune.microsoft.com > Devices > iOS/iPadOS enrollment > Apple MDM Push certificate. On that page, enter the Apple ID used to create the Apple MDM Push Certificate, select the MDM_Microsoft Corporation_Certificate.pem we just downloaded, and click Upload.
After uploading, you will see several changes on the Configure MDM Push Certificate page. Notably, the status will change from ‘Expired’ to ‘Active’, and a new expiration date will be displayed.
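Before uploading, it is worth confirming locally that the file you downloaded from Apple really is a fresh certificate with a new expiration date, and the same check can run on a schedule so that next year's renewal is not a 24-hour scramble. The script below is an added example, not code from the original post or from Microsoft or Apple. It reads the `notAfter` line that `openssl x509 -noout -enddate` prints for a PEM certificate (such as the downloaded MDM_Microsoft Corporation_Certificate.pem) and classifies the certificate using the rules stated earlier in the post: a 365-day validity and a 30-day grace period after expiry. The 30-day warning window (`WARN_DAYS`) and the sample `notAfter` line are assumptions constructed for the example; the `openssl` helper assumes the OpenSSL CLI is installed.

```python
"""Classify an Apple MDM Push certificate by its expiration date.

Added example, not from the original post. States follow the post's rules:
365-day validity, then a 30-day grace period during which the certificate
can still be renewed (rather than recreated, which forces re-enrollment).
"""
import subprocess
import sys
from datetime import datetime, timezone

GRACE_DAYS = 30   # grace period after expiry, as stated in the post
WARN_DAYS = 30    # assumed lead time for starting the renewal (not from the post)

# Constructed sample of what `openssl x509 -noout -enddate` prints.
SAMPLE_ENDDATE = "notAfter=Mar  5 09:12:44 2026 GMT"


def utc(*args) -> datetime:
    """Build a timezone-aware UTC datetime (keeps the rest of the code tz-safe)."""
    return datetime(*args, tzinfo=timezone.utc)


def parse_openssl_enddate(line: str) -> datetime:
    """Parse 'notAfter=Mar  5 09:12:44 2026 GMT' into an aware UTC datetime.

    openssl pads single-digit days with an extra space, so whitespace is
    collapsed before parsing.
    """
    value = line.strip().split("=", 1)[1]
    value = " ".join(value.split())
    naive = datetime.strptime(value, "%b %d %H:%M:%S %Y %Z")
    return naive.replace(tzinfo=timezone.utc)


def days_remaining(not_after: datetime, now: datetime) -> int:
    """Whole days left before expiry (negative once the certificate has expired)."""
    return (not_after - now).days


def renewal_state(not_after: datetime, now: datetime) -> str:
    """Return one of:
    'active' - more than WARN_DAYS left, nothing to do yet
    'renew'  - still valid but inside the warning window
    'grace'  - expired, but within the 30-day grace period: renew, do not recreate
    'lapsed' - expired beyond the grace period
    """
    if now <= not_after:
        return "active" if days_remaining(not_after, now) > WARN_DAYS else "renew"
    expired_for = (now - not_after).days
    return "grace" if expired_for <= GRACE_DAYS else "lapsed"


def enddate_from_pem(path: str) -> datetime:
    """Read notAfter from a PEM certificate using the openssl CLI (must be installed)."""
    result = subprocess.run(
        ["openssl", "x509", "-in", path, "-noout", "-enddate"],
        check=True, capture_output=True, text=True,
    )
    return parse_openssl_enddate(result.stdout)


def report(not_after: datetime, now: datetime) -> str:
    """One-line summary suitable for a scheduled job's output."""
    return (f"expires {not_after:%Y-%m-%d}, {days_remaining(not_after, now)} day(s) "
            f"remaining, state={renewal_state(not_after, now)}")


if __name__ == "__main__":
    # Usage: python check_mdm_cert.py [path/to/certificate.pem]
    # Without a path, the constructed sample line is used so the script runs offline.
    now = datetime.now(timezone.utc)
    if len(sys.argv) > 1:
        not_after = enddate_from_pem(sys.argv[1])
    else:
        not_after = parse_openssl_enddate(SAMPLE_ENDDATE)
    print(report(not_after, now))
```

Run it against the downloaded PEM right after the Apple portal step: the reported expiry should be roughly a year ahead and the state `active`; if it still shows the old date, you downloaded the wrong file. Scheduled daily, a state of `renew` is the point at which to pull the CSR from Intune, and `grace` means the renewal button in the Apple portal is still the right path rather than creating a new certificate.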
See you back here in 365 days!