How To: Apple Intune MDM Push Certificate

Written By Austen Schwermer (Administrator)

Updated at January 6th, 2026

Purpose

Ensure continued management of Apple devices (iPhones, iPads, Macs) in Microsoft Intune by renewing the Apple MDM Push Certificate before expiry.

Quick Reference Summary

  1. Confirm which Apple ID was used for the existing MDM Push Certificate.
    1. This is critical as using a different Apple ID will break the link between Intune and enrolled devices.
    2. You can find this in Intune Admin Center → Devices → iOS/iPadOS → Enrollment → Apple MDM Push certificate.
  2. Check the expiration date of the current certificate to plan ahead (renew before expiry).
  3. Confirm current admin access:
    1. Microsoft Entra ID Global Admin rights
    2. Access to the Apple ID mailbox for verification
 

Tips & Recommendations

  1. Set a recurring calendar reminder 30 days before expiry.
  2. Store the Apple ID in IT Glue.
  3. Keep a shared email alias for the Apple ID (e.g., applemdm@domain.com) to avoid staff dependency.
 

Vendor Resources

https://learn.microsoft.com/en-us/intune/intune-service/enrollment/apple-mdm-push-certificate-get


1) Log into Microsoft Intune

  1. Go to Microsoft Intune admin center:
    https://intune.microsoft.com
  2. Navigate to:
    Devices → iOS/iPadOS → Enrollment → Apple MDM Push certificate
    1. Confirm the Apple ID used for the current deployment, if applicable.

2) Download the CSR

  1. Click Renew certificate.
  2. Download the .csr file provided by Intune. You’ll upload this to Apple next.

3) Log into the Apple Push Certificates Portal

  1. Visit: https://identity.apple.com/pushcert
  2. Sign in with the same Apple ID used for the original certificate (see step 1.2).

4) Locate and Renew the Certificate

  1. Find the existing certificate (check the Serial Number / Common Name; it should match Intune).
  2. Click Renew.
  3. Upload the .csr file you downloaded from Intune (see step 2.2).
  4. Once renewed, download the new certificate (.pem) from the portal.

5) Upload the New Certificate to Intune

  1. Back in the Intune admin center → Apple MDM Push certificate section
  2. Click Upload your new MDM push certificate
  3. Upload the .pem file you just downloaded (see step 4.4).
     

6) Validation & Testing

  1. Refresh the Intune page and confirm:
    1. New expiration date reflects 1 year from renewal.
    2. Status shows as Active.
  2. Test communication:
    1. Push a test policy or sync command to a managed iOS device.
    2. Confirm it completes successfully.
  3. Update internal documentation / password vault:
    1. Note the Apple ID used.
    2. Record the new expiration date.
    3. Save the link to these renewal steps for next year, and schedule the renewal so that it doesn't get missed.
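
The checks from the Quick Reference and Validation steps as a script, added here as an example; it is not part of the original article or of Microsoft's tooling. It assumes the certificate record has been exported from Microsoft Graph (the `applePushNotificationCertificate` resource, fields `appleIdentifier`, `topicIdentifier`, `expirationDateTime`); the function name, finding labels and sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

REMINDER_WINDOW = timedelta(days=30)  # the article's "30 days before expiry" tip


def _parse(ts):
    # Graph timestamps are ISO 8601 in UTC, e.g. 2026-02-01T00:00:00Z
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def check_push_cert(record, documented_apple_id, now, previous=None):
    """Return findings for one push certificate record (hypothetical helper).

    previous: the record captured before renewal, for post-renewal validation.
    """
    findings = []
    expires = _parse(record["expirationDateTime"])
    remaining = expires - now
    if remaining <= timedelta(0):
        findings.append("EXPIRED")
    elif remaining <= REMINDER_WINDOW:
        findings.append(f"RENEW_NOW: {remaining.days} days left")
    # The Apple ID on the certificate must be the one recorded in documentation.
    if record["appleIdentifier"].strip().lower() != documented_apple_id.strip().lower():
        findings.append("APPLE_ID_MISMATCH")
    if previous is not None:
        # A renewal keeps the same APNs topic; a changed topic means a new
        # certificate was created and enrolled devices no longer match it.
        if record["topicIdentifier"] != previous["topicIdentifier"]:
            findings.append("TOPIC_CHANGED")
        if expires <= _parse(previous["expirationDateTime"]):
            findings.append("EXPIRY_NOT_EXTENDED")
    return findings


# Constructed sample records (placeholder GUIDs, not real certificate data).
NOW = datetime(2026, 1, 12, tzinfo=timezone.utc)
BEFORE = {"appleIdentifier": "applemdm@domain.com",
          "topicIdentifier": "com.apple.mgmt.External.00000000-0000-0000-0000-000000000000",
          "expirationDateTime": "2026-02-01T00:00:00Z"}
RENEWED = dict(BEFORE, expirationDateTime="2027-01-12T00:00:00Z")
WRONG_ID = {"appleIdentifier": "someone@domain.com",
            "topicIdentifier": "com.apple.mgmt.External.11111111-1111-1111-1111-111111111111",
            "expirationDateTime": "2027-01-12T00:00:00Z"}

if __name__ == "__main__":
    print(check_push_cert(BEFORE, "applemdm@domain.com", NOW))
    print(check_push_cert(RENEWED, "applemdm@domain.com", NOW, previous=BEFORE))
    print(check_push_cert(WRONG_ID, "applemdm@domain.com", NOW, previous=BEFORE))
```

An empty list after renewal means the Apple ID, topic and extended expiry all check out; record the new expiration date alongside the Apple ID as described in step 6.3.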