This admin procedure will provide background information on creating an Apple MDM Push Certificate that will enable management of iOS/iPadOS and macOS devices in Microsoft Intune, and allows devices to enroll via the Intune Company Portal App.
This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.
MDM Push Certificates
Apple MDM Push certificate is required to manage iOS/iPadOS and macOS devices in Microsoft Intune, and enables devices to enroll via:
- The Intune Company Portal app.
- Apple bulk enrollment methods, such as the Device Enrollment Program, Apple School Manager, and Apple Configurator.
Certificates must be renewed annually.
Requirements
Use an Intune-supported web browser to create and renew an Apple MDM push certificate.
Procedure Scope: Administrators
Required Group Membership: Admin.DeviceSecurity
- Navigate to macOS Enrollment – Intune, select Apple MDM Push Certificate.
- A new window will be displayed, select I agree to give Microsoft permission to send data to Apple.
- Next select Download your CSR to download and save the request file locally. This file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
- Once the (.csr) file has been generated, we will proceed by selecting Create your MDM push Certificate to go to the Apple Push Certificates Portal.
- You will be redirected to an apple sign-in page, the certificate will be associated with the Apple ID used to create it. As a best practice, use a company email address as your Apple ID and make sure the mailbox is monitored by more than one person, such as by a distribution list. It is recommended to avoid using a personal Apple ID.
- Once the sign-in process has been complete, you will see a new page. Select Create a Certificate.
- You will need to read and agree to the terms and conditions. Then select Accept.
- You will need select Choose File and then select the CSR file you downloaded in Intune. Followed by selecting Upload.
- On the confirmation page, select Download. The certificate file (.pem) downloads to your device. Save this file for later.
- Once the pem file has been generated, return to previous window, and enter your Apple ID. This is needed to remind you when you need to renew the certificate.
- Lastly, you will need to Select the Folder icon. Select the certificate file (.pem) you downloaded in the Apple portal. Finalize the process by selecting Upload to finish configuring the MDM push certificate.
You're Finished!
You should have successfully created a new Apple MDM Push Certificate that will allow macOS devices to be enrolled through Intune. For any other problems or questions, reach out to us!