Set up iOS and Mac device management

Applies to: Intune in the classic portal
Looking for documentation about the Intune Azure portal preview? Go here.

Intune enables mobile device management (MDM) of iPads, iPhones, and macOS devices and gives users access to company email and apps. An Apple Push Notification service (APNs) certificate is required for Intune to manage iOS and Mac devices. After the certificate is added to Intune, users can install the Company Portal app to enroll their devices, or the admin can set up corporate-owned iOS device management.

  1. Set up Intune
    If you haven’t already, prepare for mobile device management by setting the mobile device management authority as Microsoft Intune and setting up MDM.

  2. Get a certificate signing request
    As an administrative user, open the Microsoft Intune administration console, go to Administration > Mobile Device Management > iOS and Mac OS X > Upload an APNs Certificate, and then choose Download the APNs certificate request. Save the certificate signing request (.csr) file locally. The .csr file is used to request a trust relationship certificate from the Apple Push Certificates Portal.

    Upload APNs certificate dialog box

  3. Get an Apple Push Notification service certificate
    Go to the Apple Push Certificates Portal, and sign in with your company Apple ID to create the APNs certificate by using the .csr file. After choosing Upload on Apple's Push Certificate Portal, you will receive a .json file that cannot be used for APNs. Complete the download, return to the Apple Push Certificates Portal for Certificates for Third-Party Servers, and then choose Download.

    Download the APNs (.pem) certificate, and save the file locally.

    Note

    Every year, you need to renew (not replace) this APNs certificate. Use this same Apple ID to sign in to Apple's Push Certificate Portal to renew the certificate, and then use the same instructions in this topic to download the certificate, and then upload it to Intune.

  4. Add the APNs certificate to Intune
    In the Microsoft Intune administration console, go to Administration > Mobile Device Management > iOS and Mac OS X > Upload an APNs Certificate, and then choose Upload the APNs certificate. Go to the certificate (.pem) file, choose Open, and then enter your Apple ID. With the APNs certificate, Intune can enroll and manage iOS devices by pushing policy to enrolled mobile devices.

  5. Tell your users how to enroll their devices to get access to company resources.

    For end-user enrollment instructions, see Enroll your iOS device in Intune and Enroll your macOS device in Intune. The enrollment process tells users what they can expect, and what IT administrators can and can't see on their devices.

    For information about other end-user tasks, see these articles:

If your company or organization buys iOS devices for users, those devices can also be enrolled for management as company-owned iOS devices.

See Also

Prerequisites for enrollment with Microsoft Intune

To submit product feedback, please visit Intune Feedback