Before enrolling and managing an iOS device, it is necessary to request and upload an Apple APNs certificate. iOS uses the Apple APNs certificate to allow device management software to manage the device. This certificate is valid for one year and must be renewed before its expiration; otherwise it will be necessary to re-enroll all already enrolled devices.
To request and upload an Apple APNs certificate, perform the following steps on a computer connected to the internet:
- Open a browser and navigate to https://devicemanagement.portal.azure.com
- Click Devices, Enroll devices and then Apple enrollment
- Under Device enrolment – Apple enrolment, click Apple MDM Push certificate
- On Configure MDM Push Certificate, click I agree under I grant Microsoft permission to send both user and device information to Apple.
- Click Download your CSR and save the IntuneCSR.csr file to your computer
Note: Using the legacy Microsoft Edge is not recommended, as it may not work as expected. Microsoft Edge (Chromium version) is recommended.
- In a browser, navigate to http://go.microsoft.com/fwlink/?LinkId=261984 and log on with an Apple ID.
Note: Using Internet Explorer is not recommended, as it may not work as expected.
- On Apple Push Certificate Portal, click Create a Certificate
- On Terms of Use, click I have read and agree to these terms and conditions and click Accept
- On Create a New Push Certificate, click Choose File, select the IntuneCSR.csr file that you saved before and click Upload
- On Confirmation, click Download and save the MDM_ Microsoft Corporation_Certificate.pem file
- Back in the Microsoft Endpoint Manager admin center portal, type the Apple ID used to create the certificate, browse to the MDM_ Microsoft Corporation_Certificate.pem file created by the Apple Push Certificates Portal and click Upload
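Because the certificate is valid for one year and a lapse forces re-enrollment, it helps to check the saved .pem file's expiry on a schedule. The script below is an added example, not part of the original article or of Microsoft's or Apple's tooling; it assumes the file downloaded from the Apple Push Certificates Portal is a PEM-encoded X.509 certificate and that `openssl` is installed, and the function names and the 30-day default window are hypothetical.

```shell
#!/bin/sh
# Added example: renewal check for the Apple MDM push certificate.
# Assumption: the .pem saved from the Apple Push Certificates Portal is a
# PEM-encoded X.509 certificate that openssl can read.

# Print the certificate's expiry date (notAfter) as reported by openssl.
apns_cert_expiry() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# Print OK, RENEW, EXPIRED or UNREADABLE for certificate $1, given a
# warning window of $2 days (default 30).
# Return code: 0 OK, 1 RENEW, 2 EXPIRED, 3 file missing or not a certificate.
apns_cert_status() {
    cert=$1
    warn_days=${2:-30}
    # Reject anything openssl cannot parse as a certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "UNREADABLE"
        return 3
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED"
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "RENEW"
        return 1
    fi
    echo "OK"
}

# Command-line use: sh check_apns.sh <certificate.pem> [warning_days]
if [ "$#" -gt 0 ]; then
    echo "Expires: $(apns_cert_expiry "$1")"
    apns_cert_status "$@"
fi
```

Quote the path when calling the script, since the file name saved from the Apple portal contains spaces.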
Deleting Apple MDM Push Certificate
When a certificate needs to be changed (this could be because it has expired or for some other reason), the existing certificate must be removed.
To remove an existing Apple APNs certificate, perform the following steps on a computer connected to the internet:
- Open a browser and navigate to https://devicemanagement.portal.azure.com
- Click Devices, Enroll devices and then Apple enrollment
- Under Device enrolment – Apple enrolment, click Apple MDM Push certificate
- On Configure MDM Push Certificate, click Delete and on the warning message, click Yes
- In a browser, navigate to http://go.microsoft.com/fwlink/?LinkId=261984 and log on with the Apple ID used to create the certificate.
- On the Apple Push Certificates Portal, if the certificate used is not yet revoked, click the Revoke button and then Revoke on the warning message.
- Click OK on the confirmation message
Article originally published on LinkedIn.