Endpoint Insights
Renewing Your Apple MDM Certificate for Intune
Today, with just 10 days left on my existing Apple MDM certificate for Intune, I need to renew it BEFORE it expires. I know the timing isn’t perfect because this is the start of everyone working from home because of COVID-19. If I don’t renew it BEFORE it expires, however, then I will have a lot more headaches! This blog post shows you how the whole renewal process takes only a few minutes to complete. Trust me when I say, “DO IT NOW!” and don’t wait to renew your Apple MDM certificate. As the saying goes, “Been there, done that,” and I’m not doing that again.
Reminder for Your Apple MDM Certificate Renewal
30 days before the certificate expires, you are sent an email telling you that the certificate is expiring soon. Of course, I ignore this reminder because I tell myself that I have lots of time to deal with it. 10 days before the certificate expires, I receive a second email (shown above) telling me that the certificate is soon to expire. At this point, I knew I had to renew it NOW or I would forget about it again.
What happens when you don’t renew the certificate in time? Apart from having to redo the entire process of creating a certificate, more importantly, you must re-enroll all of your Intune clients. I can’t imagine how much work that would entail if you had to re-enroll thousands of devices. In my lab, I have fewer than 10 devices and I will do everything I can in order not to re-enroll them.
Renewing Your Apple MDM Certificate for Intune
Start by logging on to the Intune portal page. On the home page, you see that your certificate is about to expire (not shown). Click on the link to the Device enrollment page (shown above). Again, you see that your certificate is about to expire.
I’m writing this blog post after I completed all of the steps, so you have to take my word for it that this slide-out window was super easy to find! I’m impressed with how easy Microsoft made it to renew Apple MDM certificates. Simply start at the top of the page and work your way down. The only hard part for me was Step #3, but more on that in a second.
#1 Select, “I agree,” if it isn’t already done for you.
#2 Click on Download your CSR. The file is downloaded to your download folder.
#3 Click on Create your MDM push Certificate. This takes you to Apple’s website.
Here you must log on. As I mentioned earlier, this was the hardest part for me because I could remember neither my Apple ID nor the password. Fortunately, since I manage my passwords with KeePass, it only took a few seconds to locate those details.
a) Next, click on Renew next to the MDM certificate.
b) You are presented with a screen (not shown) to upload the CSR file that was downloaded in Step #2.
c) Once completed, you return to the Certificates for Third-Party Servers screen. Click on Download. This downloads the MDM_ Microsoft Corporation_Certificate.pem file to your download folder.
#4 Back on the Configure MDM Push Certificate slide-out window, enter your Apple ID.
#5 Select the MDM_ Microsoft Corporation_Certificate.pem from your download folder.
#6 The last step is to click on the Upload button. Now, you are done!
Honestly, it took far longer to write this blog post than it did to perform these steps! Don’t be that guy that waits until the last second to renew your certs. The whole process took me less than 10 minutes and that includes looking up my username and password for each site.
Verifying Your Certificate
At the top of the Configure MDM Push Certificate slide-out window, in the Intune portal, you can see that my renewed cert is active and that it expires 365 days from when I renewed it – March 20, 2021. I’m good until next year! With that task completed, I can go back to working from home and not worrying about my Apple MDM certificate.
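A local check of the downloaded .pem file, as an added example that is not part of the original post: it reads the certificate's expiry with openssl and reports which reminder window the certificate falls in. The function name and status labels are hypothetical, and the 30-day and 10-day thresholds are taken from the reminder emails described earlier.

```shell
#!/bin/sh
# Added example: classify an Apple MDM push certificate (.pem) by time left.
# Thresholds mirror the 30-day and 10-day reminder emails described in the post.
# mdm_cert_status and its status labels are hypothetical names for illustration.

DAY=86400

# Succeeds if the certificate in $1 is still valid $2 days from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * DAY )) >/dev/null 2>&1
}

mdm_cert_status() {
    pem=$1
    # Reject anything that is not a parseable X.509 certificate.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo INVALID
    elif ! valid_in_days "$pem" 0; then
        echo EXPIRED
    elif ! valid_in_days "$pem" 10; then
        echo URGENT
    elif ! valid_in_days "$pem" 30; then
        echo RENEW_SOON
    else
        echo OK
    fi
}

# When called with a file argument, print the status and exit non-zero
# unless it is OK, so a scheduled job can raise an alert.
if [ "$#" -gt 0 ]; then
    status=$(mdm_cert_status "$1")
    echo "$1: $status"
    [ "$status" = OK ]
fi
```

Quote the file name when passing it to the script, because the .pem file downloaded from Apple has a space in its name.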
Please feel free to touch base with me @GarthMJ if you have any questions.