Office 365 MDM (Mobile Device Management) allows you to manage iOS based Apple devices. Once you have had Office 365 Mobile Device Management is use for a year, the Apple APN certificate that you would have created a year ago for this purpose will expire. If you did not add this renewal date to your calendar when you set up Office 365 MDM, or if you have taken over as administrator from someone else since then you had best check for your renewal dates, as Apple will email the address they have for the certificate at 30 days, 10 days and the day before it expires. Here is the day before it expires email warning – and I got this yesterday. So I had better renew the certificate now then. You of course will not leave it so late!
To check your renewal date, login as a Global Admin to the Office 365 Portal. On the old portal visit the Mobile Management tab on the left and the renewal date is shown on the right:
The above is for one of my clients, and the 30 day warning arrived for them today – so I will do them in a few days time.
If you are using the new Office 365 admin portal, then expand Resources > Mobile Management on the left navigation bar (note, at the time of writing, you cannot renew your APNs from the new portal and must use the old – the new portal redirects you back to your starting page all the time and does not start the correct wizard). This opens the same window as shown above. Later versions of the new portal might integrate the page with the portal, but that is not currently active (April 2016):
To renew your certificate click the Manage settings link under the APNs Certificate for iOS devices message to the top right.
You will see the “Set up mobile device management” page:
Click Set up to the right of the “Configure an APNs Certificate for iOS devices”. This takes you to the “Install Apple Push Notification Certificate” page. On one of my tenants (possibly with the APNs expired already) clicking Set up took me back to the “Mobile Device Management for Office 365” and I could never get past it. That tenant needed a support call raised to fix.
On the “Install Apple Push Notification Certificate” page click “Download your CSR file” and save the file somewhere you can find shortly.
Click Next once file saved to disk.
On the second page of the wizard, click the “Apple APNS Portal” link. As this is a renewal, you need to login to the Apple Developer site with the same credentials used last time. If you have lost these and cannot reset them, then I suspect uploading a new certificate issued to a new ID will work, but I have not tested this.
Once signed in click Renew. If changing issuer account and you have access to the old account, then click Revoke and login with the new account to https://identity.apple.com/pushcert to generate the new APNs certificate.
On the Renewal page, upload the saved CSR file from step 1 into the “Vendor-Signed Certificate Signing Request” and click Upload:
If you get a prompt about opening or saving a file called renew.json then cancel it and refresh the web browser page to continue the CSR file upload. The Apple web site often issues a JSON file as a download, but that should not happen and is not the file you need. Once the APNs is ready the browser will change back to the Apple Push Certificates Portal home page with a new certificate present (confirm this as the date will be a year from today). Click Download to get the APNs file.
Upon clicking download you are offered to save a .pem file. This file will be called “MDM_ Microsoft Corporation_Certificate.pem”. If you are a Microsoft Partner and are doing this for multiple customers then rename it to suit the end client.
Close the Apple Push Certificates Portal page and in the previous tab you will find yourself back at step 2. Click Next.
In the file upload field, browse for MDM_ Microsoft Corporation_Certificate.pem (or whatever you renamed it to) and upload it to Office 365. The certificate is automatically uploaded. Click Finish and you are done.
Don’t forget to add a calendar appointment for this time next year just in case the reminders from Apple don’t reach you.
Leave a Reply