memdocs/intune/enrollment/apple-mdm-push-certificate-get.md
28 additions & 17 deletions
@@ -8,7 +8,7 @@ keywords:
8
8
author: Lenewsad
9
9
ms.author: lanewsad
10
10
manager: dougeby
11
-
ms.date: 03/08/2018
11
+
ms.date: 07/11/2022
12
12
ms.topic: how-to
13
13
ms.service: microsoft-intune
14
14
ms.subservice: enrollment
@@ -57,36 +57,47 @@ Select **I agree.** to give Microsoft permission to send data to Apple.
57
57
Select **Download your CSR** to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
58
58
59
59
### Step 3. Create an Apple MDM push certificate
60
-
Select **Create your MDM push Certificate** to go to the Apple Push Certificates Portal. Sign in with your company email address Apple ID, and then click **Create a Certificate**. Select **Choose File** and browse to the certificate signing request file, and then choose **Upload**. On the Confirmation page, choose **Download** to the download the certificate (.pem) file, and save the file locally.
60
+
1. Select **Create your MDM push Certificate** to go to the Apple Push Certificates Portal.
61
+
2. Sign in with your organization's Apple ID.
62
+
3. Select **Create a Certificate**.
63
+
4. Read and agree to the terms and conditions. Then select **Accept**.
64
+
5. Select **Choose File** and then select the CSR file you downloaded in Intune.
65
+
6. Select **Upload**.
66
+
7. On the confirmation page, select **Download**. The certificate file (.pem) downloads to your device. Save this file for later.
61
67
62
68
> [!NOTE]
63
-
> The certificate is associated with the Apple ID used to create it. As a best practice, use a company email address for Apple ID for management tasks and make sure the mailbox is monitored by more than one person like a distribution list. Avoid using personal Apple ID.
69
+
> The certificate is associated with the Apple ID used to create it. As a best practice, use a company email address as your Apple ID and make sure the mailbox is monitored by more than one person, such as by a distribution list. Avoid using a personal Apple ID.
64
70
65
-
> [!NOTE]
66
-
> If you plan to federate your existing AAD Accounts with Apple for Managed Apple ID Usage, please contact Apple to have the existing APNS certificate migrated to new managed apple ID. Refer https://support.apple.com/en-in/guide/apple-school-manager/apd6603d9206/web for more info.
71
+
#### Managed Apple ID
72
+
If you plan to federate your existing Azure AD accounts with Apple to use Managed Apple ID, contact Apple to have the existing APNS certificate migrated to your new Managed Apple ID. For more information, see the Apple Support [user guide for Apple School Manager](https://support.apple.com/guide/apple-school-manager/apd6603d9206/web).
67
73
68
74
### Step 4. Enter the Apple ID used to create your Apple MDM push certificate
69
-
Record this ID as a reminder for when you need to renew this certificate.
75
+
Return to the admin center and enter your Apple ID as a reminder for when you need to renew the certificate.
70
76
71
77
### Step 5. Browse to your Apple MDM push certificate to upload
72
-
Go to the certificate (.pem) file, choose **Open**, and then choose **Upload**. With the push certificate, Intune can enroll and manage Apple devices.
78
+
1. Select the **Folder** icon.
79
+
2. Select the certificate file you downloaded in the Apple portal.
80
+
3. Select **Upload** to finish configuring the MDM push certificate.
73
81
74
82
## Renew Apple MDM push certificate
75
-
The Apple MDM push certificate is valid for one year. You must renew it annually to maintain iOS/iPadOS and macOS device management. Once the certificate expires, there is a 30-day grace period to renew it.
83
+
The Apple MDM push certificate is valid for 365 days. You must renew it annually to maintain iOS/iPadOS and macOS device management. Once the certificate expires, there is a 30-day grace period to renew it.
76
84
77
85
Renew the MDM push certificate with the same Apple ID you used to create it.
78
86
79
-
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Enroll devices** > **Apple enrollment** > **Apple MDM Push Certificate**.
80
-
2. Choose **Download your CSR** to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
81
-
3. Select **Create your MDM push Certificate** to go to the Apple Push Certificates Portal. Find the certificate you want to renew and select **Renew**.
82
-
4. On the **Renew Push Certificate** screen, provide notes to help you identify the certificate in the future, select **Choose File** to browse to the new request file you downloaded, and choose **Upload**.
87
+
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
3. Select **Download your CSR** to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
90
+
4. Select **Create your MDM push Certificate** to go to the Apple Push Certificates Portal.
91
+
5. Find the certificate you want to renew and select **Renew**.
92
+
6. Select **Choose File** and select the new CSR file you downloaded.
93
+
7. In the provided field, enter a unique note about the certificate so that you can easily identify it later.
83
94
> [!TIP]
84
-
> A certificate can be identified by its UID. Examine the **Subject ID** in the certificate details to find the GUID portion of the UID. Or, on an enrolled iOS/iPadOS device, go to **Settings** > **General** > **Device****Management** > **Management Profile** > **More Details** > **Management Profile**. The second line item, **Topic**, contains the unique GUID that you can match up to the certificate in the Apple Push Certificates portal.
85
-
86
-
6. On the **Confirmation** screen, select **Download** and save the .pem file locally.
87
-
7. In [Intune](https://go.microsoft.com/fwlink/?linkid=2090973), select the **Apple MDM push certificate**browse icon, select the .pem file downloaded from Apple, and choose **Upload**.
95
+
> Each certificate has a unique UID. To find it, look for the subject ID, which shows the GUID portion of the UID, in the certificate details. You can also find this information on the enrolled iOS/iPadOS device. Go to **Settings** > **General** > **DeviceManagement** > **Management Profile** > **More Details** > **Management Profile**. The **Topic** value contains the unique GUID that you can match up to the certificate in the Apple Push Certificates portal.
96
+
8. Select **Upload**.
97
+
9. On the **Confirmation** screen, select **Download**.
98
+
10. Return to the admin center > **Configure MDM Push Certificate**page, and upload your certificate file.
88
99
89
-
Your Apple MDM push certificate appears **Active** and has 365 days until expiration.
100
+
Renewal is complete when your Apple MDM push certificate status appears active in both the admin center and Apple portal.
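Review bot: In the renewal procedure the new list jumps from step 1 to step 3 in the lines shown here, and the navigation path that the old step 1 carried (**Devices** > **Enroll devices** > **Apple enrollment** > **Apple MDM Push Certificate**) does not appear in any added line; please confirm that a step 2 restores that path and that the numbering is contiguous. Two bold runs are missing a space: `**DeviceManagement**` in the tip should read `**Device Management**`, and `**Configure MDM Push Certificate**page` in step 10 needs a space before "page". The closing sentence also drops the old "365 days until expiration" check; because the certificate must be renewed to maintain device management, consider keeping an instruction to verify the new expiration date after upload, not only the active status.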