Creating Apple MDM Push certificate for Intune using PowerShell

Oleg Tserkovnyuk
2022-01-20T15:10:25.087+00:00

Hello,

I am trying to automate the creation of an Apple MDM Push certificate.

To do this manually I:

  1. Go to https://endpoint.microsoft.com/?ref=AdminCenter#home
  2. Click on "Devices > iOS/iPadOS > iOS/iPadOS enrollment"
  3. Under 'Prerequisites', click on "Apple MDM Push certificate"
  4. Click on "Download your CSR". This will save an IntuneCSR.csr file to your download folder.
  5. Click on "Create your MDM push Certificate". This will open up the Apple Push Certificates Portal in another tab/window. Log in with the Apple ID previously created.
  6. In the Apple Push Certificates Portal tab/window, click on "Create Certificate"
  7. Check "I have read and agree to these terms and conditions" and then click "Accept"
  8. Browse to where you saved the IntuneCSR.csr file and upload it
  9. In the Confirmation page, click on "Download". This will save an MDM_Microsoft Corporation_Certificate.pem file to your download folder.
  10. Go back to the Intune Admin Center tab/window and enter in the Apple ID you previously created (itvendors@CLIENTDOMAINNAME) under Apple ID
  11. Under "Browse to your Apple MDM push certificate to upload", click on the folder icon and browse to where you saved the MDM_Microsoft Corporation_Certificate.pem file and click "Upload"

To automate this I am using Intune-PowerShell-SDK.

I can get the request file for the certificate using the command Invoke-IntuneDownloadApplePushNotificationCertificateSigningRequest.
Unfortunately that is it.
I see there are a few additional commands which should help to complete this process, but I cannot make them work together.

New-ApplePushNotificationCertificateObject
New-IntuneApplePushNotificationCertificate
New-DeviceManagement_ApplePushNotificationCertificate

What I tried:
$cert = Invoke-IntuneDownloadApplePushNotificationCertificateSigningRequest
New-DeviceManagement_ApplePushNotificationCertificate -appleIdentifier 'myappleids@companylab.com' -certificate $cert.value

The second command crashes with the error:
New-DeviceManagement_ApplePushNotificationCertificate : 400 Bad Request {"error":{"code":"No method match route template","message":"No OData route exists that match template ~/singleton/navigation with http verb POST for request /DeviceFE/StatelessDeviceFEService/deviceManagement/applePushNotificationCertificate

Due to the lack of documentation for this module, it is not clear how to use these commands. Get-Help also does not give a lot.

Microsoft Intune

1 answer

  1. Lu Dai-MSFT
    2022-01-21T02:34:57.267+00:00

    @Oleg Tserkovnyuk Thanks for posting in our Q&A.

    This issue is more related to development scope. The error message is general and is not enough to find the cause. With the limited resources of Q&A, Q&A is not the best channel for such a case. To get accurate help, it is suggested to create an online support ticket. Here is the support link:
    https://learn.microsoft.com/en-us/mem/get-support

    Thanks for your understanding and hope everything goes well with you.

