Before you begin
Renewing your Apple Push Notification Service (APNS) certificate is a critical annual task for Intune administrators. If the certificate expires, enrolled Apple devices may need to be re-enrolled—causing disruption for users and IT teams alike. This guide walks you through the renewal process step by step.
If, like me, you’ve recieved a notification from Apple advising your push notification certificate is expiring, And you use Microsoft Intune to manage your mobile devices, you’ll need to follow these below steps in order to update the certificate.
Failure to do this, And if the devices aren’t always on such as maybe a pool / loaner iphone/Ipad, They will need to re-enroll in the service as they will stop talking/trusting the Intune service and you won’t be able to deploy new apps to them or push new configurations.
Generate CSR in Intune
Go to Microsoft Intune Portal
From Here, Click on Devices, IOS/IpadOS
Click on Enrollment on the left hand menu
Click on “Apple MDM Push Certificate”
Click on “Download your CSR” and note where it saves to.
Renew Certificate in Apple Portal
Under Step 3, Click Create your MDM push Certificate
This will take you to the Apple signin page where you’ll need to use the AppleID login details you used when you first setup Intune MDM
Once you sign in, You’ll need to run through Apple’s MFA
Click renew next to the expiring certificate
Click Choose file and browse to the previously downloaded certificate
Click Download, and download your new certificate – This will be uploaded to the Intune portal in the next step
Once downloaded, you can close the Apple page as this is no longer required.
Upload New Certificate to Intune
Enter your Apple ID you’ve just used to create your certificate. And then browse to the replacement certificate.
Click Upload at the bottom
