How to: Renew Apple MDM Certificate for Microsoft Intune

Microsoft Intune requires an Apple issued certificate to manage Apple devices.  Apple only issues this cert for 365 days and it is critically important to remember to renew it before expiration.  If this cert is allowed to expire ALL APPLE DEVICE ENROLLMENTS WILL BE LOST.  This obviously would be very bad so we want to renew this early to make sure this doesn’t ever happen.

Apple does do us a favor and notify us at 30 days and 10 days of the pending expiration of this cert.  Additionally I would recommend setting up some failsafe reminder either via a calendar entry or through additional monitoring.  As of today there doesn’t seem to be any automatic monitoring so I would recommend implementing something like this.


Renewing the Cert (time to complete 5-10min

Open up Intune for your Tenant (endpoint.microsoft.com) and click "devices" in the left hand pane.

Click Enroll Devices

 

Select Apple Enrollment

Click on Apple MDM Push Certificate

 

 

Follow the steps Noted Below in order.  The downloaded .csr file will be used to generate a cert renewal in the Apple.com Certificate Portal in the next step.

 

Find the Intune certificate and Click Renew.  Not pictured is the window to upload the cert from your PC

 

If the CSR was processed correctly you can now download the new cert which is in .PEM format.

 

 

 

Enter the Apple ID used in the previous step on line 4 and upload the cert (.pem) you just downloaded into line 5.  Once you’re sure all is correct click the Upload button. 

 

If all was correct you should now see the Days until Expiration to be “365.”  Be sure to mark your calendar as this will be renewed next year before expiration to avoid losing all Apple device enrollments.

Location: Kansas City, MO, USA

Comments

Post a Comment

Popular posts from this blog

Springtime Schooner building

Image
  So here's some pictures of work over the winter up to now.  I didn't much feel like making posts about lately so I'm just kind of throwing together all the photos I took.  A lot of this is out of order. I still haven't settled on a name.  Maybe by the next time I'll have one.   Setting the mast rake here.  I've read that a two masted ship should have the masts slightly out of parralel widening skyward.  Apparently this arrangement is more pleasing aesthetically.  Main mast is 6 degrees fore-mast is 5degrees. Here's the fore section of the sail winch all coated and with the main winch line strung.  You can see the foremast step in the center on the keel. Here's the sheet tubes being run.  These guide the sheets from the winch line up through the deck without introducing any sharp angles.  I used 1/4 icemaker line that I found at ScrapsKC . Here's the compartment with a nylon strap to retain the receiver.  Placement on the bull...
Read more

Ditch 3rd Party Cloud Print systems - Print Locally with Android!

Image
 How to setup local printing in Android 12 a step by step guide Google now allows local network printers to be configured via the "Default Print Service" which now is bundled within most Android systems.  All you need to know is the network name or the accessible IPv4 address of the printer.  This is a great feature because it obviates the need for any 3rd party cloud printer services and keeps your data local to your network.  This method also has the added benefit of requiring no internet access to work.  You only need a LAN (local area network) and for the printer and the phone to be on that network. Go to Settings on the Android device. Now search for "Printing" Make sure Default Print Service is set to "On" and tap to setup. Tap the upper right menu then tap  "Add Printer" Enter the IP address and tap Add Confirm this works by finding the printer displayed in the printer list Now try printing a document from an application.  If the app suppo...
Read more