Renewing the Apple MDM Push Certificate is essential to maintain the management capabilities of your Apple devices in Intune. Here are the steps to renew the certificate:
1. Sign in to the Intune admin center:
- Go to Devices > Enroll devices > Apple enrollment > Apple MDM Push certificate.
- Direct link: https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMacOsMenu/~/appleEnrollment

2. Download the Certificate Signing Request (CSR):
- Select Download your CSR to save the request file locally.
3. Renew the Certificate on the Apple Push Certificates Portal:
- Go to the Apple Push Certificates Portal.
- Sign in with the Apple ID used to create the original certificate.
- Select your existing certificate and click Renew.
- Upload the CSR file you downloaded from Intune.
- Download the renewed certificate (.pem file).
4. Upload the Renewed Certificate to Intune:
- Return to the Intune admin center.
- Upload the renewed certificate file.
- Enter the Apple ID used to create the certificate.

Consequences of Certificate Expiration
If the Apple MDM Push Certificate expires, the following issues will occur:
- Loss of Management Capabilities:
  - You will not be able to manage enrolled Apple devices through Intune.
  - Remote actions, such as wiping or locking devices, will not be possible.
- Re-enrollment Requirement:
  - If the certificate expires and is not renewed within the 30-day grace period, all devices will need to be re-enrolled with a new certificate.
  - This can be a significant administrative burden, especially in large environments.
To avoid these issues, it’s crucial to renew the certificate before it expires. You will receive a notification email 30 days before the certificate’s expiration to remind you to renew it.
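
An expiry check to run alongside the steps above, as an added example that is not part of the original page or of Microsoft's or Apple's tooling: it takes the `notAfter=` line that `openssl x509 -noout -enddate -in <certificate>.pem` prints for the downloaded push certificate and classifies it against the two 30-day windows described here. The function names, state labels and sample dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

RENEWAL_NOTICE = timedelta(days=30)  # page: reminder email 30 days before expiry
GRACE_PERIOD = timedelta(days=30)    # page: 30-day grace period after expiry


def parse_enddate(line):
    """Parse a line such as 'notAfter=Jun  1 12:00:00 2025 GMT' into UTC."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter" or not value.endswith(" GMT"):
        raise ValueError(f"unexpected openssl output: {line!r}")
    # openssl pads single-digit days with a space; strptime accepts that.
    stamp = datetime.strptime(value[:-4], "%b %d %H:%M:%S %Y")
    return stamp.replace(tzinfo=timezone.utc)


def push_cert_status(enddate_line, now=None):
    """Return (state, not_after) for the certificate's expiry line."""
    now = now or datetime.now(timezone.utc)
    not_after = parse_enddate(enddate_line)
    remaining = not_after - now
    if remaining > RENEWAL_NOTICE:
        state = "ok"
    elif remaining > timedelta(0):
        state = "renew-now"               # inside the 30-day reminder window
    elif -remaining <= GRACE_PERIOD:
        state = "expired-in-grace"        # renewal still avoids re-enrollment
    else:
        state = "re-enrollment-required"  # grace period has passed
    return state, not_after


if __name__ == "__main__":
    # Constructed sample lines, not taken from a real certificate.
    samples = [
        "notAfter=Aug 15 09:30:00 2025 GMT",
        "notAfter=Jun 20 09:30:00 2025 GMT",
        "notAfter=May 20 09:30:00 2025 GMT",
        "notAfter=Apr  2 09:30:00 2025 GMT",
    ]
    fixed_now = datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc)
    for line in samples:
        state, not_after = push_cert_status(line, fixed_now)
        print(f"{not_after:%Y-%m-%d} {state}")
```

Scheduling this against the stored .pem gives a warning that does not depend on the reminder email reaching the right mailbox.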