To enroll and manage iOS/MAC devices in Intune, you must create an Intune Apple Certificate. These Apple MDM Push certificates expire 365 days after you create them and must be renewed manually in the Intune portal.

You will receive a notification email 30 days before the Apple MDM Push Certificate expires. It’s strongly recommended to renew the certificate before the expiration method.

If you don’t renew the certificate in time, you will need to re-enroll all Apple devices. In a lab environment, this can be done easily, but in a production environment with a hundred or thousand devices, this could mean a nightmare.

This post will describe how to Renew Intune Apple MDM Push Certificate from the Intune portal.

Verification

Besides the expiration email, you can see that your certificate is expired or the expiration date in the Intune Portal.

• In the Intnue Portal
• Click Devices / iOS/iPadOS Enrollment and select Apple MDM Push Certificate

Another sign that your Apple MDM Push Certificate is expired would mean that users can’t access company resources because the default company policy would block them.

If you try to enroll the device, the company portal will send an error :

Couldn’t add your device. Contact your IT Admin for assistance with this issue. APNSCertificateNotValid

Renew Intune Apple Certificate

Hopefully, you found out before your certificate expires…right ??… For this post, our certificate is expired for a while. The procedure to Renew Intune Apple MDM Push Certificate is still the same.

So this is how to do it :

• In the Intune Portal
• Click Devices / Ios/iPadOS Enrollment and select Apple MDM Push Certificate

• In the Configure MDM Push Certificate pane
• Check the agreement in #1
• In the second step (#2), click on Download your CSR. A file will download in your browser. Keep this file for the next step
• On the third step (#3), click on Create your MDM Push Certificate

• You’ll be redirected on the Apple Push Certificate Portal
• Login using the Apple ID used to create the certificate in the first place

• In the Certificate Portal, select your Mobile Device Management Certificate and click Renew

• In the Renew Push Certificate Portal, click the Choose file button and provide the Intune.CSR file that you downloaded in the previous step

• Click Upload

• On the next page, click Download. The MDM_ Microsoft Corporation_Certificate.pem file will download. Keep this file for the next steps.

• Back in the Endpoint Manager Portal
• Complete step 4 by entering your Apple ID
• Complete step 5 by entering the MDM_ Microsoft Corporation_Certificate.pem that you just downloaded
• Click Upload at the bottom

Validation

Once completed, refresh the page and look at the top of the pane. Your certificate should show ACTIVE and the Days until expiration will show 365

You’ve successfully renewed Intune Apple MDM Push Certificate . You can now re-enroll your device if the certificate was expired. You don’t have anything else to do on your Apple device if the certificate was still valid before the renewal process.