When configuring any MDM system, including Intune, to manage Apple devices, you need an Apple Push Notification (APN) certificate. This certificate is valid for 365 days, and you should not forget to renew it before it expires. An expired certificate will cause you some headaches when managing your Apple devices 🙂

Generally, I recommend creating a generic email address linked to a mailbox that is monitored daily by the ServiceDesk or another team.

Every now and then I get asked whether Apple will send a notification when the certificate is expiring and what it looks like, so here are some screenshots.

First, this is how it looks in Intune under Device enrollment > Apple enrollment > Apple MDM Push Certificate:

[Screenshot: apn 2019-01-03_12-06-44]

You can clearly see the certificate expiration date.

What does it look like in your mailbox? You will get two emails from Apple <appleid@id.apple.com>. The first message arrives 10 days before the certificate expires, followed by a final notice the day before it expires. This is what they look like:

[Screenshot: apn 2019-01-03_12-10-39]

[Screenshot: apn 2019-01-03_12-12-00]
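To avoid depending on those two emails alone, the expiration date shown in Intune can also be checked by a scheduled job. The following is an added example, not part of the original post: it classifies the `expirationDateTime` of the Microsoft Graph `applePushNotificationCertificate` object against the 10-day and 1-day notice points described above. The 30-day early warning, the function names and the sample object are assumptions made for this illustration.

```python
from datetime import datetime, timezone

# Notice points stated in the post: Apple mails 10 days before expiry
# and sends a final notice the day before.
APPLE_FIRST_NOTICE_DAYS = 10
APPLE_FINAL_NOTICE_DAYS = 1
# Assumption (not from the post): an earlier internal warning threshold.
EARLY_WARNING_DAYS = 30


def parse_graph_utc(raw):
    """Parse a Graph timestamp such as 2019-01-13T11:06:44Z (Graph returns UTC)."""
    # Cut at whole seconds so fractional digits and the trailing Z do not matter.
    parsed = datetime.strptime(raw[:19], "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def check_push_certificate(cert, now=None):
    """Return (status, days_left) for an applePushNotificationCertificate object.

    `cert` is the parsed JSON body of
    GET https://graph.microsoft.com/v1.0/deviceManagement/applePushNotificationCertificate
    """
    now = now or datetime.now(timezone.utc)
    expires = parse_graph_utc(cert["expirationDateTime"])
    days_left = (expires - now).days  # whole days, negative once expired
    if expires <= now:
        return "EXPIRED", days_left
    if days_left <= APPLE_FINAL_NOTICE_DAYS:
        return "CRITICAL", days_left  # inside Apple's final-notice window
    if days_left <= APPLE_FIRST_NOTICE_DAYS:
        return "WARNING", days_left   # Apple's first email has gone out
    if days_left <= EARLY_WARNING_DAYS:
        return "NOTICE", days_left    # plan the renewal now
    return "OK", days_left


# Constructed sample response (values are illustrative, not from a real tenant).
SAMPLE_CERT = {
    "appleIdentifier": "mdm-push@example.com",
    "expirationDateTime": "2019-01-13T11:06:44Z",
}

if __name__ == "__main__":
    status, days = check_push_certificate(SAMPLE_CERT)
    print(f"{SAMPLE_CERT['appleIdentifier']}: {status} ({days} days left)")
```

Run on a schedule, anything other than `OK` can open a ticket in the mailbox or queue that the ServiceDesk already monitors.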