Apple Intelligence now features Image Playground, Genmoji, Writing Tools enhancements, seamless support for ChatGPT, and visual intelligence.

Apple Intelligence has also begun language expansion with localized English support for Australia, Canada, Ireland, New Zealand, South Africa, and the U.K. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Apple MDM Push Certificates (APNs)

Hey!


I need your help regarding APNs certificates. In my team we use Microsoft Intune as an MDM provider to enroll and manage Mac and iOS devices. Therefore, you have to create an Apple MDM Push Certificate within Intune. If this certificate expires, you have to renew it by following the rules (same AppleID as last time and renew the certificate instead of creating a new one).


Now, we have a phenomen with one of our customers where we manage iOS and MacOS devices.

Instead of renewing the expiring certificate they have created a new one. This means, they had to do a re-enrollment with their iOS devices BUT NOT for the MacOS devices. Most of their devices are still connected to the old expired Apple MDM Push certificate and they are still compliant within Intune and working fine. Some of their devices are connected to the newest certificate and are also compliant.


How is this possible? Why behave iOS devices in a different way than MacOS devices? Why are they still compliant and connected to the old expired certificate?


Can someone help me in this case?

Posted on Oct 24, 2022 1:05 AM

Reply
Question marked as Top-ranking reply

Posted on Oct 26, 2022 10:14 AM

macOS uses 2 mechanisms to manage devices. The first is the push certificates. The second is the agent. Without the push certificate, the device will still check in with Intune, but certain actions will be unavailable. You'll have to re-enroll the macOS devices as well.


Pro-Tip 1: If your APNS cert expires or you lose access to the Apple ID used to create it, Apple support can assist with migrating or renewing it so you don't have to re-enroll all of your devices.

Pro-Tip 2: Always use an ABM/ASM controlled service account for creating the APNS cert.

Similar questions

3 replies
Question marked as Top-ranking reply

Oct 26, 2022 10:14 AM in response to Wallb4

macOS uses 2 mechanisms to manage devices. The first is the push certificates. The second is the agent. Without the push certificate, the device will still check in with Intune, but certain actions will be unavailable. You'll have to re-enroll the macOS devices as well.


Pro-Tip 1: If your APNS cert expires or you lose access to the Apple ID used to create it, Apple support can assist with migrating or renewing it so you don't have to re-enroll all of your devices.

Pro-Tip 2: Always use an ABM/ASM controlled service account for creating the APNS cert.

Apple MDM Push Certificates (APNs)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.