How to renew your Apple MDM push certificate

Mobile Device Management (MDM) enables organisations to securely and efficiently manage Apple devices, including iPhones, iPads, and MacBooks. At the core of an MDM setup between Apple Business Manager and Microsoft Intune lies the Apple MDM push certificate, the cryptographic credential that secures communication between the MDM server and Apple devices. This certificate must be renewed annually; failing to do so can lead to service disruptions and the headache of re-enrolling devices.

This guide will walk you through the renewal process step by step using Microsoft Intune.

Why Renew the Apple MDM Push Certificate?

Your Apple MDM push certificate is valid for 365 days, with a 30-day grace period before expiration. If it is not renewed in time:

  • Devices under management lose their connection to the MDM server.
  • Device users may experience disruptions, requiring devices to be re-enrolled.
  • Your organisation risks compromising its device management strategy.

Renewing the certificate annually helps maintain secure authentication channels, rotate cryptographic keys to minimise vulnerabilities, and ensure your devices remain compliant.

When an Apple MDM push certificate is about to expire, the admin receives an email like the one shown below, asking them to renew it.

Now let's jump into the tools you need and the steps to take.

What you'll need

Before you renew your certificate, make sure you have the following information and access ready:

  1. Admin access to the Microsoft Intune admin center.
  2. Access to the Apple Push Certificates Portal.
  3. The Apple ID used to create the existing Apple MDM push certificate.
  4. A few minutes of uninterrupted time: the process itself is fairly quick, but accuracy is crucial.

Once you have everything ready, you’re all set to begin the renewal process.

Step 1: Locate Your MDM Push Certificate in Microsoft Intune

First, access your Microsoft Intune Admin Center:

  1. Open the Microsoft Intune portal (https://endpoint.microsoft.com/).
  2. Log in with your admin credentials.
  3. Log in to the Microsoft Intune admin center.
  4. Navigate to Devices > Enroll Devices > Apple Enrollment.
  5. Select Apple MDM Push Certificate to view the current certificate details.
  6. Check the expiration date of your certificate to confirm whether a renewal is due. Microsoft Intune often notifies administrators via email when renewal is approaching.
💡 Pro Tip: Make sure you're renewing the correct certificate. The "Subject" field within the certificate details contains an identifier linked to your Apple ID. Match this with the Apple ID you're using for the renewal.

Step 2: Download the Certificate Request

From Intune:

  1. Click on Renew Certificate. This action will generate a new CSR (Certificate Signing Request) file.
  2. Download the CSR to your local computer. This file is needed for upload later in the Apple portal.
🔴 Common Mistake to Avoid: Do not generate a new Apple MDM push certificate. Always renew the existing one using the exact Apple ID it was originally created with. Generating a new certificate will break the connection with enrolled devices, forcing you to re-enroll them.

Step 3: Log in to the Apple Push Certificates Portal

  1. Visit the Apple Push Certificates Portal.
  2. Sign in with the Apple ID used to register your current certificate.
💡 Troubleshooting Tip: If you've forgotten the Apple ID, check within Microsoft Intune under the "Apple ID" field associated with your certificate. This is the account you'll need to access the Apple portal.

Step 4: Renew Your Existing Certificate

  1. Once logged into the portal, locate your existing Apple MDM push certificate.
  2. Verify the "UID" matches the certificate you want to renew.
  3. Select the certificate and click Renew.
  4. Upload the CSR file you downloaded from Intune and follow the on-screen prompts.
  5. Once completed, download the newly renewed certificate file to your computer.
💡 Important Note: Do not delete your existing certificate from the Apple portal. Always opt for "Renew," as deleting the certificate will sever the connection between devices and your MDM server.
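Before moving on to the upload, it is worth confirming on the command line that the file you just downloaded really is a renewal of the current certificate (same UID in the subject, as checked in step 2 above) and that its new validity extends well past the 30-day grace period. The script below is an added example, not part of the original post or of Intune; it assumes openssl is on your PATH, that both certificates are PEM files, and it builds constructed self-signed sample certificates (not Apple-issued ones) so the check can be exercised offline.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the renewed Apple MDM
# push certificate against the current one before uploading it to Intune.
# Assumes openssl is on PATH and both inputs are PEM-encoded X.509 certificates.

# Print the UID attribute of the certificate subject (empty if none).
# Apple-issued push certificates carry a UID of the form com.apple.mgmt.External.<id>;
# a renewal keeps the same UID, a freshly generated certificate gets a new one.
cert_uid() {
  openssl x509 -noout -subject -nameopt RFC2253 -in "$1" \
    | sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Usage: push_cert_check CURRENT.pem RENEWED.pem
# Exit 0: same UID and valid for more than 30 days (the grace period in the post).
# Exit 1: UID differs, i.e. a new certificate that would force re-enrolment.
# Exit 2: same UID but the renewed certificate expires within 30 days.
push_cert_check() {
  cur_uid=$(cert_uid "$1"); new_uid=$(cert_uid "$2")
  echo "current: UID=$cur_uid  $(openssl x509 -noout -enddate -in "$1")"
  echo "renewed: UID=$new_uid  $(openssl x509 -noout -enddate -in "$2")"
  if [ -z "$new_uid" ] || [ "$cur_uid" != "$new_uid" ]; then
    echo "MISMATCH: UID differs; this is a new certificate, not a renewal" >&2
    return 1
  fi
  if ! openssl x509 -noout -checkend $((30 * 86400)) -in "$2" >/dev/null; then
    echo "WARNING: renewed certificate expires within 30 days" >&2
    return 2
  fi
  echo "OK: same UID, valid beyond the 30-day grace period"
}

# Constructed self-signed sample (NOT an Apple-issued certificate) for offline use.
# Usage: make_sample_cert OUT.pem UID DAYS
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "${1%.pem}.key" -out "$1" \
    -days "$3" -subj "/UID=$2/CN=APSP:constructed-example" 2>/dev/null
}

demo() {
  d=$(mktemp -d); uid="com.apple.mgmt.External.constructed-0000"
  make_sample_cert "$d/current.pem" "$uid" 20
  make_sample_cert "$d/renewed.pem" "$uid" 365
  make_sample_cert "$d/brand_new.pem" "com.apple.mgmt.External.constructed-1111" 365
  push_cert_check "$d/current.pem" "$d/renewed.pem"                    # OK, exit 0
  push_cert_check "$d/current.pem" "$d/brand_new.pem" || echo "exit $?" # MISMATCH, exit 1
  rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it as `sh check.sh --demo` to see both outcomes on the constructed samples, or call `push_cert_check current.pem renewed.pem` with the certificate exported from Intune and the file downloaded from the Apple portal.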

Step 5: Upload the Renewed Certificate to Microsoft Intune

  1. Go back to the Microsoft Intune admin center.
  2. Under the Apple MDM Push Certificate section, click Upload Certificate.
  3. Select and upload the renewed certificate file downloaded from the Apple portal.
  4. Save your changes.

Upon successful upload, Microsoft Intune will validate the certificate, and the renewal process will be complete.

💡 Pro Tip: Double-check the expiration date within Intune to ensure that the new certificate's term is reflected accurately.

Step 6: Verify and Test

  1. Confirm that the MDM server reports the renewed certificate as active.
  2. Test device connectivity by pushing a configuration profile or app to an enrolled device to ensure no disruptions occur.
  3. If you encounter any issues, revisit the steps above, ensuring the correct Apple ID and CSR were used.

Troubleshooting Common Issues

  • Error Logging into Apple Push Certificates Portal: Ensure you’re using the correct Apple ID associated with the certificate. Contact Apple Support if you’re locked out.
  • Devices Not Communicating with Intune Post-Renewal: Confirm that the renewed certificate matches the original UID. If a new certificate was accidentally created, re-enrollment may be required.

Conclusion

Renewing your Apple MDM push certificate annually is essential for maintaining secure device management and ensuring uninterrupted communication between your MDM server and Apple devices. By following the six steps outlined above, from locating your certificate and downloading the CSR to renewing it in the Apple portal, uploading it to Microsoft Intune and verifying the result, you can complete this task smoothly.

Managing a fleet of devices can be daunting, but maintaining compliance and security doesn't have to be. By taking proactive steps such as timely certificate renewals, you'll keep your organisation's Apple device management efficient and secure.

For more tips on optimising MDM solutions, keep an eye on our upcoming blog posts or speak to our team of experts.