In this guide, we explore steps to enable Intune for management of Apple devices.
The second and third steps in the process are to create an APNs (Apple Push Notification service) certificate, also called an Apple Push Certificate, and then to integrate that certificate with Intune.
Configure Apple APNS certificate for Intune
Note – During these steps, you will switch back and forth between the Apple Push Certificates Portal and the Endpoint Manager console. Ensure you are signed in to the Endpoint Manager console in a separate browser tab.
Select the ‘Create a Certificate’ button to get started.
Select the toggle box to acknowledge you agree to Apple’s terms and conditions.
Select the ‘Accept’ button to proceed.
Switch tabs to Endpoint Manager console.
Navigate to Devices > Enroll Devices > Apple Enrollment > Apple MDM Push Certificate.
At Step 1, select the toggle box to acknowledge that you agree to Microsoft sending user and device information to Apple.
At Step 2, select ‘Download your CSR’.
Switch tabs to Apple Push Certificates Portal.
Under Notes, provide a comment to differentiate this certificate from others (handy when you carry out a certificate renewal).
Select the ‘Choose File’ button. Select the recently downloaded IntuneCSR.csr file.
Select the ‘Upload’ button.
Select the ‘Download’ button to download the MDM APNs certificate (which is a .pem file).
Switch tabs to Endpoint Manager console.
At ‘Step 4’, input the same Apple ID used to create the certificate.
At ‘Step 5’, browse and locate the recently downloaded MDM APNs certificate (which is a .pem file).
Select the ‘Upload’ button.
Intune will notify you that the MDM Push Certificate was created successfully.
Scroll to the top of the dialogue box to validate the configuration. You should see the following:
Status: Active
Days until expiration: 365 (From the date of Last Updated)
Last Updated: Date certificate was created
Expiration: 365 days from date certificate was created
Apple ID: Same Apple ID used to create the certificate.
Should the MDM Push Certificate process fail or the status return an error, delete the Endpoint Manager configuration and repeat this section from the beginning.
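The certificate expires 365 days after it is created, so it is worth checking the downloaded .pem file before uploading it and again ahead of renewal. The following script is an added example, not part of the original guide or of any Microsoft or Apple tooling; it assumes the openssl command-line tool is installed, and the function name, exit codes and 30-day warning window are this example's own choices.

```shell
#!/bin/sh
# Added example: expiry check for the downloaded MDM APNs certificate (.pem).
# Exit codes (this script's own convention, not an Intune or Apple one):
#   0 = valid beyond the warning window
#   1 = expires within the warning window
#   2 = already expired
#   3 = file missing or not a PEM X.509 certificate
apns_cert_check() {
    cert=$1
    warn_days=${2:-30}   # assumed renewal window; adjust to your own process

    # Reject anything openssl cannot parse as an X.509 certificate,
    # for example the IntuneCSR.csr file selected by mistake.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "ERROR: $cert is not a readable PEM certificate" >&2
        return 3
    fi

    # Show the subject and validity period for comparison with the
    # Last Updated and Expiration values shown in Endpoint Manager.
    openssl x509 -in "$cert" -noout -subject -startdate -enddate

    # -checkend N succeeds only if the certificate is still valid
    # N seconds from now, so N=0 tests for "already expired".
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED: $cert is past its expiration date" >&2
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null; then
        echo "WARNING: $cert expires within $warn_days days" >&2
        return 1
    fi

    echo "OK: $cert is valid for more than $warn_days days"
    return 0
}

# Run the check when a certificate path is given on the command line,
# e.g.: sh check_apns_cert.sh /path/to/downloaded-certificate.pem 30
if [ "$#" -gt 0 ]; then
    apns_cert_check "$@"
fi
```

The non-zero exit codes let the script be called from a scheduled job that raises an alert when the renewal window opens.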