You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An Apple MDM Push certificate is required for Intune to manage iOS/iPadOS and macOS devices. After you add the certificate to Intune, your users can enroll their devices using:
38
+
Upload and renew your Apple MDM push certificates in Microsoft Intune. An Apple MDM Push certificate is required to manage iOS/iPadOS and macOS devices in Microsoft Intune, and enables devices to enroll via:
39
39
40
-
- The Company Portal app.
40
+
- The Intune Company Portal app.
41
+
- Apple bulk enrollment methods, such as the Device Enrollment Program, Apple School Manager, and Apple Configurator.
41
42
42
-
- Apple's bulk enrollment methods like the Device Enrollment Program, Apple School Manager, or Apple Configurator.
43
+
Certificates must be renewed annually.
43
44
44
-
For more information about enrollment options, see [Choose how to enroll iOS/iPadOS devices](ios-enroll.md).
45
-
46
-
When a push certificate expires, you must renew it. When renewing, make sure to use the same Apple ID that you used when you first created the push certificate.
45
+
This article describes how to use Intune to create and renew an Apple MDM push certificate.
47
46
48
47
49
48
## Steps to get your certificate
@@ -73,18 +72,22 @@ Record this ID as a reminder for when you need to renew this certificate.
73
72
Go to the certificate (.pem) file, choose **Open**, and then choose **Upload**. With the push certificate, Intune can enroll and manage Apple devices.
74
73
75
74
## Renew Apple MDM push certificate
76
-
The Apple MDM push certificate is valid for one year and must be renewed annually to maintain iOS/iPadOS and macOS device management. If your certificate expires, enrolled Apple devices cannot be contacted.
75
+
The Apple MDM push certificate is valid for one year. You must renew it annually to maintain iOS/iPadOS and macOS device management. Once the certificate expires, there is a 30-day grace period to renew it.
77
76
78
-
The certificate is associated with the Apple ID used to create it. Renew the MDM push certificate with the same Apple ID used to create it.
77
+
Renew the MDM push certificate with the same Apple ID you used to create it.
79
78
80
79
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Enroll devices** > **Apple enrollment** > **Apple MDM Push Certificate**.
81
80
2. Choose **Download your CSR** to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
82
81
3. Select **Create your MDM push Certificate** to go to the Apple Push Certificates Portal. Find the certificate you want to renew and select **Renew**.
83
82
4. On the **Renew Push Certificate** screen, provide notes to help you identify the certificate in the future, select **Choose File** to browse to the new request file you downloaded, and choose **Upload**.
84
83
> [!TIP]
85
-
> A Certificate can be identified by its UID. Examine the **Subject ID** in the certificate details to find the GUID portion of the UID. Or, on an enrolled iOS/iPadOS device, go to **Settings** > **General** > **Device****Management** > **Management Profile** > **More Details** > **Management Profile**. The second line item, **Topic**, contains the unique GUID that you can match up to the certificate in the Apple Push Certificates portal.
84
+
> A certificate can be identified by its UID. Examine the **Subject ID** in the certificate details to find the GUID portion of the UID. Or, on an enrolled iOS/iPadOS device, go to **Settings** > **General** > **Device****Management** > **Management Profile** > **More Details** > **Management Profile**. The second line item, **Topic**, contains the unique GUID that you can match up to the certificate in the Apple Push Certificates portal.
86
85
87
86
6. On the **Confirmation** screen, select **Download** and save the .pem file locally.
88
87
7. In [Intune](https://go.microsoft.com/fwlink/?linkid=2090973), select the **Apple MDM push certificate** browse icon, select the .pem file downloaded from Apple, and choose **Upload**.
89
88
90
89
Your Apple MDM push certificate appears **Active** and has 365 days until expiration.
90
+
91
+
## Next steps
92
+
93
+
For more information about enrollment options, see [Choose how to enroll iOS/iPadOS devices](ios-enroll.md).
0 commit comments