macOS MDM Push Certificate Renewal Procedure

This admin procedure provides background information on renewing an expired Apple MDM Push Certificate registered through Intune.

This article is intended for employees of organizations that use Sittadel's security. Some actions can only be performed by those with administrative privileges.

MDM Push Certificates

An Apple MDM Push certificate is required to manage iOS/iPadOS and macOS devices in Microsoft Intune. It enables devices to enroll via:

  • The Intune Company Portal app.
  • Apple bulk enrollment methods, such as the Device Enrollment Program, Apple School Manager, and Apple Configurator.

Certificates must be renewed annually.

The Apple MDM push certificate is valid for 365 days. You must renew it annually to maintain iOS/iPadOS and macOS device management. Once the certificate expires, there is a 30-day grace period to renew it.

Renew the MDM push certificate with the same Apple account you used to create it.

 

Requirements

Use an Intune-supported web browser to create and renew an Apple MDM push certificate.

 

Procedure Scope: Administrators

Required Group Membership: Admin.DeviceSecurity

 

  1. Navigate to macOS Enrollment – Intune and select Apple MDM Push Certificate.
  2. Next, select Download your CSR to download and save the request file locally. This file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
  3. Once the request file (.csr) has been generated, select Create your MDM push Certificate to go to the Apple Push Certificates Portal.
  4. You will be redirected to an Apple sign-in page. The certificate will be associated with the Apple ID used to create it. As a best practice, use a company email address as your Apple ID and make sure the mailbox is monitored by more than one person, such as by a distribution list. It is recommended to avoid using a personal Apple ID.
  5. Once the sign-in process has been completed, you will see a new page. Locate the expired certificate and select Renew.
  6. Select Choose File, select the CSR file you downloaded in Intune, and then select Upload.
  7. On the confirmation page, select Download. The certificate file (.pem) downloads to your device. Save this file for later.
  8. Once the .pem file has been generated, return to the previous window and enter your Apple ID. This is needed to remind you when you need to renew the certificate.
  9. Lastly, select the Folder icon and select the certificate file (.pem) you downloaded in the Apple portal. Select Upload to finish configuring the MDM push certificate.

You're Finished!

You have successfully renewed the expired Apple MDM Push Certificate when its status appears active in both the admin center and the Apple portal. For any other problems or questions, reach out to us!
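To check where a certificate stands against the 365-day validity and the 30-day grace period described above, the following added example (not part of the original procedure, and not Microsoft or Apple code) reads the expiry date from a .pem file's contents and classifies it. It assumes the downloaded .pem is a standard X.509 certificate in PEM form; the function names, the state labels, and the 30-day WARN reminder window are choices made for this example.

```python
import base64, re
from datetime import datetime, timedelta, timezone

GRACE = timedelta(days=30)  # grace period after expiry, as stated in this procedure
WARN = timedelta(days=30)   # assumed reminder window; not part of the procedure

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(pem_text):
    """Return notAfter (UTC) of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()))
    _, pos, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                     # optional [0] version field
        pos = end
    for _field in range(3):             # serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)          # validity SEQUENCE
    _, _, pos = _tlv(der, pos)          # skip notBefore
    tag, start, end = _tlv(der, pos)    # notAfter: UTCTime (0x17) or GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(der[start:end].decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def renewal_state(expires, now):  # classify against expiry and grace period
    if now < expires - WARN:
        return "active"
    if now < expires:
        return "renew-soon"
    return "expired-in-grace" if now < expires + GRACE else "grace-elapsed"

def constructed_pem(not_after_utctime):
    """Constructed sample: an unsigned certificate skeleton, just enough to parse."""
    seq = lambda body: bytes([0x30, len(body)]) + body  # short-form lengths only
    when = lambda s: bytes([0x17, len(s)]) + s.encode()
    tbs = seq(b"\xa0\x03\x02\x01\x02" + b"\x02\x01\x01" + seq(b"") + seq(b"")
              + seq(when("240101000000Z") + when(not_after_utctime)))
    body = base64.b64encode(seq(tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

For a real file, pass the text of the .pem saved in step 7 to not_after() and compare it against datetime.now(timezone.utc) with renewal_state().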