When you use Intune to manage your Apple devices, you’ll need to add an Apple MDM push certificate to allow control of the device. If you don’t do this, you’ll get error messages about failing to join when you try to enrol the device using the Intune Company Portal app on the device.
To add a management certificate, you’ll first need to log in to the Azure portal as an administrator. You’ll then need to navigate to Intune.
Once there, select Device enrollment from the menu.
Next select Apple enrollment from the new menu that appears.
When you do this a new window should appear on the right. Select the top option, Apple MDM Push certificate.
You will see the enrolment status at the top of the page. If this is a new tenant, the status will show Not set up as shown above.
Scroll down the window to commence the setup process.
Place a check in the I agree box in section 1.
Then select Download your CSR from section 2.
Save this CSR (certificate signing request) file on your local machine. Make a note of this location as you’ll need to upload it soon.
Scroll down to section 3 and select the hyperlink Create your MDM push Certificate.
This will open a new browser window and ask you to log in using an Apple ID. If you don’t have one of these yet, you’ll need to create one. If you are doing this on behalf of a company, it is best practice to use an Apple ID that is linked to the business rather than the individual.
Once you have logged in, you’ll see any certificates that you have already created.
Select the Create Certificate button in the top right.
Accept the terms and conditions.
Browse to the location where you saved the CSR file you downloaded from Intune previously. Select the file. Then select the Upload button.
In a moment you should see that a new certificate has been created for you. It is important to note that the certificate lasts for 12 months, after which time it will need to be replaced or renewed.
Select the Download button to copy the new Apple management certificate to your machine.
Save this Apple management certificate on your local machine and remember where it is located.
Return to the Azure portal and the setup in Intune.
In section 4 enter the Apple ID that you used when you created the certificate.
In section 5 browse to the Apple management certificate you just downloaded.
When complete, select the Upload button at the bottom of the page.
In a few moments you will see a message from the Azure portal indicating that the certificate has been successfully uploaded.
If you now scroll to the top of the page in Azure you should see that the status is now Active as shown above.
You have now successfully uploaded and configured an Apple management certificate in Intune. You can now proceed to enrol your Apple devices into Intune management. Just remember that this certificate is valid for 12 months, after which time you’ll need to renew it.
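Because the certificate expires after 12 months, it helps to check the saved copy from time to time. The script below is an added example, not part of the original post or of Intune. It assumes the file downloaded from Apple is a PEM-encoded X.509 certificate and that `openssl` is installed; the function names and the 30-day warning window are hypothetical.

```shell
#!/bin/sh
# Added example: check a saved Apple MDM push certificate for upcoming expiry.
# Assumption: the file downloaded from Apple is a PEM-encoded X.509 certificate.

# push_cert_status FILE [WARN_DAYS]
# Prints exactly one of: NOT_A_CERT, EXPIRED, RENEW_SOON, OK
push_cert_status() {
    cert_file=$1
    warn_days=${2:-30}   # assumption: warn 30 days before expiry

    # Anything that does not parse as a certificate is rejected,
    # for example the CSR file selected by mistake.
    if ! openssl x509 -in "$cert_file" -noout >/dev/null 2>&1; then
        echo NOT_A_CERT
        return 0
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$cert_file" -noout \
            -checkend "$((warn_days * 86400))" >/dev/null 2>&1; then
        echo RENEW_SOON
    else
        echo OK
    fi
}

# push_cert_expiry FILE
# Prints the certificate's notAfter date, e.g. for a calendar reminder.
push_cert_expiry() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# When run with arguments: print status and expiry, exit non-zero unless OK.
if [ "$#" -gt 0 ]; then
    status=$(push_cert_status "$@")
    echo "status:  $status"
    echo "expires: $(push_cert_expiry "$1")"
    [ "$status" = "OK" ]
fi
```

Run it with the path to the saved certificate as the first argument and, optionally, a warning window in days as the second.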