Setting up Apple Business Manager – Part 2


Hopefully you’ve followed part 1 of this series which takes you through the tasks of enrolling with Apple Business Manager.

The next part of this series doesn’t really have much to do with ABM, however I thought it would be worth adding to the series as it is needed as a pre-requisite for setting up Apple enrollment and this configuring the Apple Push Certificate. I’m pretty sure I have blogged this before but let’s run through it for completeness.

The Apple MDM Push Certificate is used by Intune to manage Apple devices. You need to renew this certificate annually and it’s recommended that the Apple managed ID associated with this is a distribution list or shared mailbox as you want visibility when this certificate needs renewal. You are going to have to re-enrol your devices if this is not renewed in time!

Login to MEM admin center and go to Devices\iOS/iPadOS\iOS/iPadOS enrollment. Click Apple MDM Push certificate.

Click the I agree checkbox to grant Microsoft permission to send user and device information to Apple.

Click the Download your CSR link. This will download a certificate signing request which you need to upload into the Apple Push Certificate portal.

Click the Create your MDM push Certificate link.

This will redirect you to the Apple Push Certificate portal or click the link here https://identity.apple.com/pushcert

Log into the portal with an Apple ID associated with your company, as mentioned a DL address is good here or the administrator account used to set up the ABM is another possibility.

Click the Create a Certificate button.

Check the I have read and agree to these terms and conditions checkbox and click Accept.

Select your CSR file created earlier and click Upload.

You’ll receive confirmation that you have created a new push certificate. Click Download to down the certificate which will be in .pem format.

Next, hop back to the MEM Admin Center, enter the Apple ID used at the Push Certificate portal to create the .pem file.

Browse to the .pem file.

Click Upload.

The status of Configure MDM Push Certificate will change to Active. The Push Certificate is now configured.

Part 3 is available here.

2 comments

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s