Posted on

Intune Apple Token Renewal

PSA: Renewing your Intune Apple Tokens Annually (All 3 of them)

Token / Cert NameApple LocationIntune Location
Apple Push Cert (User & Device Enrollment)https://identity.apple.com/pushcert/Devices > Enroll Devices > Apple Enrollment > Apple MDM Push Certificate
Apple Enrollment Program (Apple Business Manager)https://business.apple.com (Preferences > MDM Servers)Devices > Enroll Devices > Apple Enrollment > Enrollment Program Tokens
Apple VPP Tokens (Books and Apps)https://business.apple.com (Preferences > Payments and Billing)Tenant Administration > Connectors and Tokens > Apple VPP Tokens

Apple Push Cert Renewal (for all apple devices)

Renew the MDM push certificate with the same Apple account you used to create it.

  1. Sign in to the Microsoft Intune admin center.
  2. Select Devices > Enroll devices > Apple enrollment > Apple MDM Push Certificate.
  3. Select Download your CSR to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
  4. Navigate to https://identity.apple.com/pushcert/
  5. Find the certificate you want to renew and select Renew.
  6. Select Choose File and select the new CSR file you downloaded.
  7. Select Upload.
  8. On the Confirmation screen, select Download.
  9. Return to the admin center > Configure MDM Push Certificate page, and upload your certificate file that is in .pem format.

*Apple Push Cert-  when it does expire, there is a 30 days grace period to renew.

Apple Enrollment Program Renewal (For supervised devices)

  1. Navigate to iOS/iPad OS enrollment under intune portal
  2. Select Enrollment program tokens and select the current token. Hit renew token
  3. Navigate to ABM (https://business.apple.com)
  4. In ABM, select the company below > preferences > under “Your MDM server” > download the token (.p7m file).
  5. You’ll upload this .p7m token under enrollment program tokens page on Intune.

Apple VPP Tokens (Books and Apps) (for BYOD or Corp devices)

  1. Navigate to Apple Business Manager or Apple School Manager.
  2. Download the existing token in Apple Business (or School) Manager, by selecting Preferences > Payments and Billing > Apps and Books > Server Tokens.
  3. Update the token in Microsoft Intune admin center by selecting Tenant administration > Connectors and tokens > Apple VPP tokens.
  4. Select the VPP token you are renewing, click Edit on the Basics category, upload the new token on this page, and then save your changes.

Leave a comment