iOS device management with Microsoft Intune

Microsoft Intune provides iOS and Mac OS X device enrollment to give access to company email and apps to iPhone, iPad and Mac users. Once users install the Intune company portal app, their devices can be targeted with policy using the Intune administration console.

Before you can manage iOS and Mac devices, you must import an Apple Push Notification service (APNs) certificate from Apple.

Steps to manage iOS and Mac devices with Microsoft Intune

Set up Intune: ensure that the mobile device management authority is set as Microsoft Intune.


Get a certificate signing request: This certificate allows Intune to manage iOS and Mac devices and establishes an accredited and encrypted IP connection with the mobile device management authority services.

1 DownloadRequest

click Download the APNs certificate request. Save the certificate signing request (.csr) file locally.


The .csr file is used to request a trust relationship certificate from the Apple Push Certificates Portal.

Get an Apple Push Notification service certificate: Go to the Apple Push Certificates Portal and sign in with your company Apple ID to create the APNs certificate using the .csr file.

3 Apple Portal

4 AppleLogin

Note: This Apple ID must be used in future to renew your APNs certificate.

Click on Create Certificate to submit the certificate request

5Create Cert

Click on Browse to locate the locally stored certificate signing request (.csr) file and then click Open


Cancel the. json file download notification


Refresh the page and you will find the newly created certificate listed under “Certificates for Third-party serversselect the Certificate you want to download and click Download

8Download Cert

Download the APNs (.pem) certificate and save the file locally. This APNs certificate file is used to establish a trust relationship between the Apple Push Notification server and Intune’s mobile device management authority.

9 Save Cert

Now we need to add the APNs certificate to Intune. click Upload the APNs certificate.

10 upload Certificate

Browse to the locally saved certificate (.pem) file and click Open and then enter your Apple ID. With the APNs certificate, Intune can enroll and manage iOS devices by pushing policy to enrolled mobile devices.

11 Upload

Once the APNs certificate is uploaded successfully, the Intune portal will show the status as “Ready for Enrolment



Now we can inform the users to get access to company resources through the company portal.

Please refer to the “Enrolling iOS device through company portal blog for enabling iOS device management. In this post, we will demonstrate how the end user is going to enroll their own iOS device with Microsoft Intune.


%d bloggers like this: