When you start using Intune, whether with a service like Microsoft 365 Enterprise or standalone, you’ll need to add an Apple MDM push certificate to allow iOS devices to be managed by Intune. If you don’t, you’ll get errors when you try to add these devices.
Here’s how you create and add an Apple certificate to Intune.
When you first go into Intune via the Azure portal, you’ll need to set the Mobile Device Management Authority. Select the Intune MDM Authority option, then select the Choose button to save the choice.
In the list of Intune options, under the Manage heading, select Device enrollment.
From the blade that appears, select Apple enrollment from the menu. The right side will then show a number of boxes.
Select the box in the top left that should have the heading Apple MDM Push Certificate.
Another blade will open. Under Step 1, select the Download your CSR hyperlink.
This will prompt you to save a file called IntuneCSR.csr to your computer.
In Step 2, select the hyperlink Create your own MDM push certificate.
This will open a new tab in your browser and take you to the Apple site. You’ll need to have or create an Apple ID to log in here.
You’ll need to accept the Terms of Use.
You’ll need to create a new certificate. To do so, select the Browse option at the bottom of the window.
Navigate to the IntuneCSR.csr file you downloaded from the Intune portal previously.
Then select Upload.
Next, select Download to save the certificate created by the Apple site.
Return to the Intune portal and, in Step 3, enter the Apple ID you used to create the certificate.
In Step 4, upload the Apple certificate.
When complete, select the Upload button at the bottom of the page.
When you look at the Intune portal, the Apple MDM Push Certificate box should now show a green tick. You can now place iOS devices under Intune management.