Create or Renew iOS Push Certificate with Microsoft Intune

In this blog post, I will show you how to create or renew an MDM push certificate for iOS devices for Microsoft Intune.

By design, in order for Microsoft Intune to be able to enroll iOS devices and manage them, we have to generate an MDM push certificate for Apple.

In order to generate the Push certificate, you will need an Apple ID.

Get started

Below you can see that my MDM push certificate has expired and I am going to renew it.

Renewing and creating a new MDM certificate is using the same process as you will see shortly.

To create or renew a certificate, Open the Intune management console, click on Devices, Select iOS enrollment and click on Apple MDM Push certificate.

Renew or create

The Process to renew or create a new certificate is the same and based on the four steps shown below, which I will explain and guide through each one of them.

Step 1 – Grant Intune permission

The first step is simple, and all you need to do is tick the I agree checkbox.

Step 2 – Download CSR file

In this step, we need to download the certificate request file also known as CSR file.

Click on Download your CSR and save somewhere you remember.

Step 3 – Create an Apple MDM certificate

Now, we are going to copy the CSR file to Apple’s certificates portal, so click on the Create your MDM push certificate link under step 3.

After clicking on the link, you will be redirected to the certificates portal.

Enter your Apple ID and continue.

From the portal, you have the following options:

Create a certificate

Renew

Download

Revoke

In my case, I will select Renew but If you need a new certificate click on Create a Certificate.

From the renew or a new page, click on choose file and browse to the location you saved the CSR file from step 2.

Click on Download to save the MDM certificate, also known as PEM file.

Step 4 – Enter apple ID and upload Apple MDM certificate

In the last and final step, enter the Apple ID you used to login to the certificates portal and upload the PEM file from step 3.

Click on upload and complete the process.

Now you can go ahead and entroll iOS devices.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.