Apple Intelligence is now available on iPhone, iPad, and Mac!

⏺ Join the discussion

⏺ Press release 

⏺ Learn more

⏺ Watch the video

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Wallb4
Wallb4 Author
User level: Level 1
4 points

Apple MDM Push Certificates (APNs)

Hey!


I need your help regarding APNs certificates. In my team we use Microsoft Intune as an MDM provider to enroll and manage Mac and iOS devices. Therefore, you have to create an Apple MDM Push Certificate within Intune. If this certificate expires, you have to renew it by following the rules (same AppleID as last time and renew the certificate instead of creating a new one).


Now, we have a phenomen with one of our customers where we manage iOS and MacOS devices.

Instead of renewing the expiring certificate they have created a new one. This means, they had to do a re-enrollment with their iOS devices BUT NOT for the MacOS devices. Most of their devices are still connected to the old expired Apple MDM Push certificate and they are still compliant within Intune and working fine. Some of their devices are connected to the newest certificate and are also compliant.


How is this possible? Why behave iOS devices in a different way than MacOS devices? Why are they still compliant and connected to the old expired certificate?


Can someone help me in this case?

Posted on Oct 24, 2022 1:05 AM

Reply
Question marked as Top-ranking reply
User profile for user: celliott147
celliott147
User level: Level 6
12,212 points

Posted on Oct 26, 2022 10:14 AM

macOS uses 2 mechanisms to manage devices. The first is the push certificates. The second is the agent. Without the push certificate, the device will still check in with Intune, but certain actions will be unavailable. You'll have to re-enroll the macOS devices as well.


Pro-Tip 1: If your APNS cert expires or you lose access to the Apple ID used to create it, Apple support can assist with migrating or renewing it so you don't have to re-enroll all of your devices.

Pro-Tip 2: Always use an ABM/ASM controlled service account for creating the APNS cert.

View in context

Similar questions

3 replies
Question marked as Top-ranking reply
User profile for user: celliott147
celliott147
User level: Level 6
12,212 points

Oct 26, 2022 10:14 AM in response to Wallb4

macOS uses 2 mechanisms to manage devices. The first is the push certificates. The second is the agent. Without the push certificate, the device will still check in with Intune, but certain actions will be unavailable. You'll have to re-enroll the macOS devices as well.


Pro-Tip 1: If your APNS cert expires or you lose access to the Apple ID used to create it, Apple support can assist with migrating or renewing it so you don't have to re-enroll all of your devices.

Pro-Tip 2: Always use an ABM/ASM controlled service account for creating the APNS cert.

Reply

Apple MDM Push Certificates (APNs)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up