How to configure Apple MDM Push certificate using Intune

In this blog post we will see how to configure Apple MDM Push Certificate which is required to manage Apple devices using Microsoft Intune. We will be using Microsoft Intune admin center and Apple Push Certificate Portal to configure it. If you are looking to renew Apple MDM Push Certificate, then please visit this link: Renew Apple MDM Push Certificate.

Steps to configure Apple MDM Push certificate

Please follow below steps to configure Apple MDM push certificate on Intune admin center.

On the right hand side you will see Apple MDM Push certificate under Prerequistes.

Apple MDM Push Certificate
Apple Enrollment on Microsoft Intune admin center

After you click on Apple MDM Push certificate, Configure MDM Push certificate pane will open on the right hand side. Click on I agree, then Download your CSR to generate a Certificate signing request file (IntuneCSR.csr) which we will use to generate Apple MDM push certificate and then click on Create your MDM push certificate.

Configure MDM Push Certificate
Configure MDM push Certificate

Once you click on Create your MDM push Certificate, it will take you to Apple website where you need to sign-in with your Apple ID. If you do not have one, you can click on create yours now. For creating an Apple ID, just complete a registration form which will verify your email address and phone number and sign you in to the Apple Push Certificates Portal as you will see in below screenshots.

Sign in with Apple ID
Create Apple ID

Click on Create a Certificate.

Apple Push Certificates Portal
Create a Certificate on Apple Push Certificates Portal

Go through the Terms of Use and Accept the terms and conditions then click on Accept.

Apple Push Certificates Portal
Apple Push Certificates Portal

In the next step, Upload IntuneCSR.csr file which we had generated before. On Create a New Push Certificate page, click on choose file and select IntuneCSR.csr file then click on upload.

Apple Push Certificates Portal
Create a New Push Certificate

After uploading the CSR file, Apple MDM Push Certificate will be generated for you. Check the Expiration date of the certificate and click on Download. When you click on Download, a file will be downloaded named “MDM_ Microsoft Corporation_Certificate.pem“. We will use this file to configure Apple MDM Push Certificate on Endpoint Manager admin Center.

Apple Push Certificates Portal
Apple Push Certificates Portal

Now, go back to the Microsoft Endpoint Admin Center Portal and Click on Apple MDM Push Certificate -> Configure MDM Push Certificate Page. We will upload the .pem file here which we generated in previous step.

Configure MDM Push Certificate
Enter the Apple ID and provide Apple MDM push certificate

After you click on Upload, Certificate will be uploaded and status will show as Active with certificate validity of 1 year.

Important
Please note that Apple MDM Certificate can be issued only with one year validity. Note down the expiration date of the certificate and configure alert / notification for this. If Apple MDM Push Certificate is expired then all iOS devices which are enrolled in Intune will have to be re-enrolled after generating a new certificate from Apple Website. To know more information about renewing your Apple MDM Push Certiifcate. Please visit the URL: https://techpress.net/renew-apple-mdm-push-certificate-for-microsoft-intune-apple-enrollment/.
Configure MDM Push Certificate
Status shows Active on Configure MDM Push Certificate page

Renew Apple MDM Push Certificate

If your Apple MDM Push certificate is expiring then you can use below step by step article to get it renewed.

Conclusion

In this blog post, we have seen how to configure Apple MDM Push certificate from Microsoft Intune Admin Center. Please make sure to monitor the certificate expiry date as this certificate validity is only for 1 Year.

READ NEXT