Loading...

Knowledge Center

/
centrexIT
Knowledge Center

CentrexIT Howto: Intune - Updating/Renewing the Apple Push Certificate for MDM Usage

KB00063814
Damon Marjanovich Work Instruction 1 min
PublishedDamon Marjanovichv1.5
Published Nov 11, 2025Expires Jan 9, 2027

Purpose:

Section titled “Purpose:”

Why Renewal Matters • The APNS certificate is required for managing iOS/iPadOS and macOS devices in Intune. • It expires every 365 days. If it expires, all enrolled Apple devices must be re-enrolled, which can be disruptive. • Always renew, not create a new certificate, to avoid re-enrollment issues.

Scope:

Section titled “Scope:”

Project Team, Support Team, any one who supports Intune enviroments for customers.

Responsibility:

Section titled “Responsibility:”

Whichever department is responsible for Patch or Service management and maintenance.

Definitions:

Section titled “Definitions:”

Procedure:

Section titled “Procedure:”

Steps to Renew the APNS Certificate

  1. Sign in to Intune Admin Center • Go to https://intune.microsoft.com. • Navigate to: Devices → iOS/iPadOS → Enrollment → Apple MDM Push Certificate.

  2. Download the CSR (Certificate Signing Request) • In the Apple MDM Push Certificate pane: o Check the agreement box. o Click Download your CSR and save the file locally.

  3. Go to Apple Push Certificates Portal • Open https://identity.apple.com/pushcert/. • Sign in with the same Apple ID used to create the original certificate.

  4. Renew the Certificate • Locate your existing certificate in the portal. • Click Renew. • Upload the CSR file you downloaded from Intune. • Click Upload, then Download the renewed certificate (.pem file).

  5. Upload the Renewed Certificate to Intune • Return to Intune Admin Center. • Enter the Apple ID used for the certificate. • Upload the downloaded .pem file. • Click Upload to complete the process.

  6. Verify • Ensure the status shows Active and the expiration date is extended by 365 days.

Important Notes • Do NOT create a new certificate unless absolutely necessary; doing so forces device re-enrollment. • You’ll receive reminder emails from Apple 30 days before expiration. It is sent to the icloud account email AND the global administrator’s mailboxes (if enabled in the tenant)

Effectiveness Criteria:

Section titled “Effectiveness Criteria:”

Where is the relevant account information stored?

  • 1Password

  • Attached to managed Apple Business Account (ABM)

  • Customer supplied ABM account

References:

Section titled “References:”

https://learn.microsoft.com/en-us/intune/intune-service/enrollment/apple-mdm-push-certificate-get https://support.apple.com/en-us/118629

Process References:

Section titled “Process References:”
  1. Link to process map.

Note: Please add KB relationships to core process, process. SOPs or other WIs on the right.