When you configure Apple enrollment on Microsoft Endpoint Manger (https://endpoint.microsoft.com), you must have configured Apple MDM Push certificate which is a prerequisites for configuration of Apple enrollment for Microsoft Intune. The certificate expiry is normally 365 days and when its near its expiry date you get notified 30 days and then 10 days before.
If you do not renew the certificate and it gets expired then a new certificate will need to be generated and installed which will require all the apple devices to get re-enrolled. Therefore, its easier to just renew the certificate before expiry date. I will suggest to note down the certificate expiry date and add a reminder in outlook or a powershell script or something which will send an email to the admins that the certificate is about to expire.
There are couple of steps which you need to take to renew the certificate, We will go through the steps and also see how to renew the certificate with screenshots.
- Login on Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com)
- Click on Devices -> Enroll Devices -> Apple enrollment and then click on Apple MDM Push Certificate
3. After you click on Apple MDM Push certificate, A pane will open on the right hand side. Check the Status of the certificate and Days until expiration.
4. Download CSR from Configure MDM Push Certificate Pane.
5. Find the certificate which needs to be renewed and then click on Renew button:
6. Upload the CSR downloaded in the previous step.
7. Download the certificate.
8. Go back to Endpoint Manager admin center -> Devices -> Enroll Devices -> Apple enrollment and then click on Apple MDM Push Certificate. Enter Apple ID and Browse to the certificate downloaded in previous step. (MDM_ Microsoft Corporation_Certificate.pem). Click on Upload.
9. Check the status of the certificate on Configure MDM Push Certificate Pane