Apple with Intune: Renewing your MDM Certificate

A year ago I gave someone access to my Intune environment in order to be able to demonstrate how to manage iOS devices, so for the last year I have been happy to manage my two iOS devices (actually several over the timeframe) from the same portal as my Windows devices. It is just so convenient!

This week I was demonstrating to my students in a Microsoft 365 class (MD-102) how in order to manage Apple devices you need an MDM Push Certificate from Apple. Monday was March 11, 2024… and I was horrified to see that my certificate was set to expire in two short days!


I realized that the person who had configured the environment was no longer managing this environment, and that I had revoked their ability to do so anyways. It was fortuitous that I went into this screen for my class, otherwise the certificate would have simply expired Saturday… and things would have stopped working.

(Yes, both Apple and Intune would have sent out an email to let us know that the certificates needed to be renewed, but those emails would have gone to the now dormant account.)

Okay… so in the Intune menu I clicked on Tenant Administration. I then clicked on Apple MDM Push Certificate. I saw the following screen:


We can confirm under Essentials that our certificate is indeed expiring. I am now going to follow these steps:

1. Under I grant Microsoft permission to send both user and device information to Apple, click I agree.
2. Under Download the Intune certificate signing request required to create an Apple MDM push certificate, click Download your CSR. This will download the file that you need to take to Apple in order to generate the

This will take you to the Apple Push Certificates Portal on identity.apple.com.

Now that we are here, we are going to click on the Renew button next to our certificate:


In the Renew Push Certificates Portal you will click Choose File, and then select the file that you exported from Intune (usually in your Downloads folder, and named IntuneCSR.csr). Once selected, click Upload.


Once you have done that, you will get the following confirmation window. Click Download to download the certificate.


At this point we will return to the Intune portal where (unless you really dawdled) you should still be on the Configure MDM Push Certificate page. In Step 4 you will enter your Apple ID (the one you used to create the push certificate). Then in Step 5 you will select the file that you just downloaded in the previous step. Once again, it should be in your Downloads folder, and it should be called “MDM_ Microsoft Corporation_Certificate.pem.” You can then click Upload.


At this point you should see that your Push Certificate status has been changed to Active, the days until expiration should read 365, and the expiration date is next year. See?


That’s all there is to it. While I do not suggest you wait until the last minute to do this, you can see that the process is quick and straightforward. I hope this helped!
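The near miss described above came from two things at once: a certificate close to expiry and renewal reminders going to a dormant account. As an added example (not part of the original post, and not Microsoft's or Apple's code), this Python check evaluates a push-certificate record for both conditions. It assumes the record was read from the Microsoft Graph applePushNotificationCertificate resource; the sample values, the monitored-mailbox list and the 30-day threshold are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample, shaped like the Microsoft Graph
# applePushNotificationCertificate resource (all values are made up).
SAMPLE_RESPONSE = """
{
  "appleIdentifier": "former.admin@example.com",
  "expirationDateTime": "2024-03-13T18:00:00Z"
}
"""


def check_push_certificate(resource, now, monitored_ids, warn_days=30):
    """Return (days_left, findings) for one push-certificate record."""
    # Older Pythons reject a trailing "Z" in fromisoformat, so normalise it.
    expires = datetime.fromisoformat(
        resource["expirationDateTime"].replace("Z", "+00:00"))
    days_left = (expires - now).days
    findings = []
    if days_left < 0:
        findings.append("EXPIRED: certificate is past its expiration date")
    elif days_left <= warn_days:
        findings.append(f"RENEW: certificate expires in {days_left} day(s)")
    # Renewal reminders go to the account behind the certificate, so that
    # Apple ID has to be a mailbox somebody still reads.
    apple_id = resource.get("appleIdentifier", "").lower()
    if apple_id not in {m.lower() for m in monitored_ids}:
        findings.append(
            f"OWNER: Apple ID {apple_id or '<missing>'} is not a monitored account")
    return days_left, findings


if __name__ == "__main__":
    now = datetime(2024, 3, 11, 9, 0, tzinfo=timezone.utc)  # constructed "today"
    days, findings = check_push_certificate(
        json.loads(SAMPLE_RESPONSE), now, ["mdm-admins@example.com"])
    print(f"{days} day(s) left")
    for line in findings:
        print(" -", line)
```

Run on a schedule against the live record, a check like this raises the warning inside your own alerting rather than relying on e-mail to a single Apple ID.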
