An Apple MDM Push certificate is required to manage iOS/iPadOS and macOS devices in Microsoft Intune, and enables devices to enroll via:
- Apple bulk enrollment methods, such as the Device Enrollment Program, Apple School Manager, and Apple Configurator.
- The Intune Company Portal app.
Apple MDM Push Certificate in Intune
The MDM Push Certificate is valid for 1 year. You need to renew it before the expiration date. If the certificate is not renewed in time and you need to create a new one, ALL Apple devices need to be enrolled again in Intune!
To do so please follow the next steps:
Log in to Endpoint Manager with at least Intune administrator rights. Go to Devices – Enrollment – Apple enrollment. See link below.
Configure MDM Push Certificate – Microsoft Endpoint Manager admin center
Click Apple MDM Push Certificate
You will end up in this screen:
Click Download your CSR and save it in a temp directory; you will need this later.
Click on the link Create your MDM push Certificate. You will be redirected to Sign In – Apple.
Apple Push Certificates Portal
On the Apple Push Certificates Portal, choose the certificate that needs to be renewed and click Renew.
Click Choose file and upload the CSR file that you downloaded in the beginning. In the notes section you can add some text. I usually add the date and the company here as I’m managing some other certificates for other test and demo tenants. It will make it easier in the future to identify the correct certificate.
Now download the new certificate and place it in a temp directory. The file is called MDM_ Microsoft Corporation_Certificate.pem
Now go back to Endpoint Manager and upload the downloaded .pem file, fill in the Apple ID and click Upload.
After this step you can see that the certificate is valid again for 1 year. Now you can schedule an item in your calendar a year in the future, a few days before the expiration date, to renew the certificate again.
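A check that can be run before the upload step, as an added example that is not part of the original post: it compares the push topic in the downloaded .pem with the one Intune currently holds, so that renewing the wrong certificate on the Apple portal is caught before upload. It assumes the Microsoft.Graph.Authentication module, a session with the DeviceManagementServiceConfig.Read.All scope and a placeholder file path; the function name and the 300-day threshold are hypothetical.

```powershell
# Added example: compare a renewed Apple MDM push certificate with the one Intune holds.
# Assumes the Microsoft.Graph.Authentication module and a session created with:
#   Connect-MgGraph -Scopes 'DeviceManagementServiceConfig.Read.All'
function Test-RenewedMdmPushCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$PemPath,  # the .pem downloaded from the Apple portal
        [int]$MinimumDays = 300                  # assumed threshold: a fresh renewal has about a year left
    )

    # Parse the downloaded certificate (PEM-encoded X.509).
    $file = (Resolve-Path -LiteralPath $PemPath).Path
    $new  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

    # The push topic is carried in the subject as com.apple.mgmt.External.<GUID>.
    if ($new.Subject -notmatch 'com\.apple\.mgmt\.[\w.\-]+') {
        throw "No MDM push topic found in subject: $($new.Subject)"
    }
    $newTopic = $Matches[0]

    # Read the certificate currently configured in Intune.
    $uri     = 'https://graph.microsoft.com/v1.0/deviceManagement/applePushNotificationCertificate'
    $current = Invoke-MgGraphRequest -Method GET -Uri $uri

    $newExpires   = $new.NotAfter.ToUniversalTime()
    $daysLeft     = [int]($newExpires - [datetime]::UtcNow).TotalDays
    $topicMatches = ($newTopic -eq $current.topicIdentifier)

    [pscustomobject]@{
        NewTopic       = $newTopic
        CurrentTopic   = $current.topicIdentifier
        TopicMatches   = $topicMatches
        AppleId        = $current.appleIdentifier
        CurrentExpires = $current.expirationDateTime
        NewExpires     = $newExpires
        NewDaysLeft    = $daysLeft
        SafeToUpload   = $topicMatches -and ($daysLeft -ge $MinimumDays)
    }
}

# Constructed usage: the directory is a placeholder for wherever the file was saved.
$result = Test-RenewedMdmPushCertificate -PemPath 'C:\Temp\MDM_ Microsoft Corporation_Certificate.pem'
$result | Format-List
if (-not $result.SafeToUpload) {
    Write-Warning 'Topic mismatch or short validity: check that the correct certificate was renewed.'
}
```

The `CurrentExpires` value from the same Graph call can also feed a scheduled check instead of relying only on a calendar entry.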















