
Renewing an Apple Device Enrolment Certificate for Intune

January 17, 2018 by Paul Cunningham

In order for Intune to manage iOS and Mac devices, an MDM push certificate is required. The certificate must be installed in your organization's Intune before your users can enrol devices. Like all certificates, the MDM push certificate that Apple issues has an expiry date, so eventually it will expire and need to be renewed.

Before we look at the renewal process, this is a good opportunity to go over the recommended practice for provisioning MDM push certificates from Apple to use with Intune, or with Office 365 MDM. Acquiring the MDM push certificate requires an Apple ID. The Apple ID that you use to log in to the Apple Push Certificates Portal should use an email address that is controlled by your organization. You should not use a personal Apple ID to provision the certificate. If the Apple ID that owns the certificate is lost, for example if that individual leaves the organization, you will need to replace the certificate with a new one. Replacing the certificate will require all of your Apple devices to be re-enrolled in Intune, which is obviously a situation you should avoid.

It's also worth flagging that Microsoft doesn't do much to alert you when the certificate is nearing expiration. Intune is managed through the Azure portal now, but there are no obvious tiles or widgets in a gallery search that you can add to your Azure dashboard to keep an eye on the MDM push certificate status.

Unless you drill down to the device enrolment section of the Azure Intune portal, you might not be aware of an expiring certificate.

However, Apple will notify you by email that the certificate is expiring. The first email alert is sent to the Apple ID 30 days prior to expiry, and another is sent 10 days prior to expiry. This is another reason to control and monitor the email address used for the Apple ID associated with your MDM push certificate.

Moving on to the actual renewal process, we can initiate that from the Apple Push Certificates Portal. Click on the Renew button for the expiring certificate.

The Apple portal will ask you to upload a certificate signing request (CSR). The CSR is downloaded from the Intune portal.

Upload the CSR from Intune to the Apple portal, which will then provide you with the new certificate to download.

Return to the Intune portal and upload the certificate. You will also need to provide the email address of the Apple ID that was used to acquire the certificate.

After the certificate is successfully renewed, the warning in the Intune portal will be cleared. If you were surprised by the upcoming certificate expiry, then this is a good time to pin the certificate status to your dashboard.

You can also consider:

  • Scheduling a ticket in your support system to appear 30 days or so from the next expiry date.
  • Ensuring the email address used for the Apple ID is monitored, and that the people monitoring it have a documented procedure for how to respond to the expiry warning emails.
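
As a complement to the reminders above, the following added example (not part of the original article) classifies a certificate's remaining lifetime using the same 30-day and 10-day thresholds as Apple's warning emails, so it can run from a scheduled task against the certificate file you downloaded from the Apple portal. The function name, the file path in the final comment, and the self-signed sample certificate are assumptions for illustration; the sample needs PowerShell 7 or .NET Framework 4.7.2 and later.

```powershell
# Added example: report how close a certificate is to expiry.
# Thresholds default to the 30- and 10-day points at which Apple emails the Apple ID.
function Get-CertificateExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$WarningDays  = 30,
        [int]$CriticalDays = 10,
        [datetime]$Now     = (Get-Date)
    )

    # NotAfter is returned in local time, matching Get-Date.
    $daysLeft = [math]::Floor(($Certificate.NotAfter - $Now).TotalDays)

    $status = 'OK'
    if ($daysLeft -lt 0) { $status = 'Expired' }
    elseif ($daysLeft -le $CriticalDays) { $status = 'Critical' }
    elseif ($daysLeft -le $WarningDays) { $status = 'Warning' }

    [pscustomobject]@{
        Subject  = $Certificate.Subject
        NotAfter = $Certificate.NotAfter
        DaysLeft = $daysLeft
        Status   = $status
    }
}

# Constructed sample: a throwaway self-signed certificate that expires in 25 days,
# standing in for the real MDM push certificate so the script runs offline.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Constructed sample MDM push certificate',
    $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $request.CreateSelfSigned(
    [DateTimeOffset]::Now.AddDays(-340),
    [DateTimeOffset]::Now.AddDays(25))

$result = Get-CertificateExpiryStatus -Certificate $sample
$result | Format-List

# For the real certificate, load the downloaded file instead (placeholder path):
#   $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new('C:\Certs\MDM_push_certificate.pem')
#   Get-CertificateExpiryStatus -Certificate $cert
```

A scheduled task can raise a ticket or send mail whenever `Status` is anything other than `OK`.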