In the ConfigMgr console, navigate to Administration> Windows Intune Subscription
- Click on Create APNs certificate request
- Click Browse and specify a file name and path to download the CSR file to
- Click Download and Sign In with an account with Windows Intune Administrator permissions
- When the file has downloaded click the link listed on screen in Step 1 to upload the request to the Apple Push Certificate Portal
- If you haven't already got an AppleID that you can use as a shared ID that multiple admins in your organisation may know the password for, then it's time to create one.
In my opinion, it's probably best to create a new dedicated one for ConfigMgr/Intune anyway.
This AppleID isn't used for installation of software on devices, just for creating and renewing the certificate for the service with Apple.
- When you click the link in the ConfigMgr console a browser should open up to https://identity.apple.com/pushcart
- Click Create a Certificate to get started
- Browse for the CSR file that you downloaded and saved earlier in the ConfigMgr console
N.B. This next bit is important!
- For some reason if you're using Internet Explorer then the automatic prompt to download the certificate doesn't work. If you download it using this dialog the certificate file will be corrupt and ConfigMgr/Intune will reject it.
- So you've been warned, Click Cancel.
- Sign out of the Apple Push Certificates Portal and then sign back in again.
- This time you'll be presented with a different screen that lists the certificates associated with that account.
- Use this page to click on the Download button and save the certificate PEM file to somewhere safe.
- This is that same place that you'll come back to next year to renew the certificate.
- Back in the ConfigMgr console highlight the Windows Intune Subscription and click on the properties button in the ribbon.
- Choose the iOS tab on the Window that opens.
- Check the box next to Enable iOS platform
- Click Browse and locate the certificate PEM file you downloaded from Apple
- Select the certificate file and click open
- Click Apply then Click OK
All done! iOS direct management is now enabled in ConfigMgr via Windows Intune.
I'll add another post very shortly that goes through setting up the iOS devices for management and how to deploy some software to them through ConfigMgr.