Edit

Share via


Renew iOS certificate and tokens

Apple MDM Push certificates, enrollment program tokens, and VPP tokens expire 365 days after you create them. It's important to renew them to maintain the connection between your Intune for Education account and Apple account. This article describes how to renew the certificate and tokens in Intune for Education.

Renew Apple MDM certificate

Important

If the Apple MDM certificate is deleted, you must reset and re-enroll devices with a new certificate.

The MDM push certificate is associated with the Apple ID you used to create it. Renew the certificate with this same Apple ID.

  1. Sign in to Intune for Education.

  2. Go to Tenant settings.

  3. Expand iOS Device Management, and then select MDM push certificate.

  4. Select Renew certificate.

  5. Follow the onscreen step-by-step instructions:

    1. Select Download to save the certificate signing request file from Intune.

    2. Sign in to the Apple Push Certificates Portal. Remember to sign in to the Apple Push Certificates Portal with the Apple ID you used to create your original certificate.

    3. Find the expired certificate in your list of certificates for third-party servers. Select Renew.

    4. Upload the certificate signing request file.

    5. In the Apple Push Certificates Portal, return to your list of certificates for third-party servers. Download the MDM push certificate for the certificate you just renewed.

    6. Return to the Intune for Education portal. Next to STEP 3, enter the Apple ID you used to sign in to the Apple Push Certificates Portal.

    7. Upload the renewed Apple push certificate file.

  6. Select Save.

Renew enrollment program token

Renew the enrollment program token annually to keep Intune for Education up to date with your school's devices. This process requires you to sign in to Apple School Manager to download the token.

  1. Go to Tenant settings.
  2. Expand iOS Device Management, and then select Enrollment program tokens.
  3. Select the token that you want to renew.
  4. Select Renew token.
  5. Follow the onscreen instructions. Remember to sign in to Apple School Manager with the Apple ID you used to get your original token. After you renew and download the token, return to Intune for Education to complete the remaining steps on this screen.
  6. Select Save.

Renew VPP token

Renew your VPP tokens annually to make sure your VPP-purchased apps can be viewed and assigned from Intune for Education.

The VPP token is associated with the Apple ID you used to create it. Renew the token with this same Apple ID.

  1. Go to Tenant settings.
  2. Expand iOS Device Management, and then select VPP tokens.
  3. Find the token that you want to renew. Select the link that's in the Associated apps column.
  4. Select Renew token.
  5. Follow the onscreen instructions. Remember to sign in to Apple School Manager with the Apple ID you used to get your original token. After you renew and download the token, return to Intune for Education to complete the remaining steps on this screen.
  6. Select Save.

Tip

When choosing a region, select where your school's devices are located.

Next steps

Now that your certificates and tokens are renewed, make sure group settings are up to date. To see the current status of your groups in Intune, see view reports.