Category Filter

Introduction to Mobile Device Manager Plus(MDM)
- MDM Architecture
Setting up MDM
- Cloud
  - Create MDM Account
  - Personalize MDM
- On-Premises
User Administration
- User Management
- Roles & Permissions
- Scope
- Roles Matrix
Integrate Directory Services
- Entra ID with MDM On-Premise
- Entra ID with MDM Cloud
- Active Directory with MDM On-Premise
- Active Directory with MDM Cloud
- Okta
- G Suite (Google Workspace)
- SAML based generic IdPs
- Verify Domain
Enrolling devices
- Enrollment settings
  - Device Authentication
- Invite enrollment
- Self enrollment
- OS independent enrollment invites
- Customize ME MDM App
- Apple Enrollment
- Android Enrollment
- Windows Enrollment
- Chrome OS Enrollment
  - Integrating G Suite
- Deprovision devices
Group Management
Shared Device Management
Device restrictions and configurations
- Create Profiles
- Create Groups
- Associate Profiles to Devices
- Associate Profiles to Groups
- Verify Profile Deployment Status
- iOS/iPadOS profiles
- macOS Profiles
- tvOS Profiles
- Android Profiles
- Android Device Profiles
- Knox Profiles
- Chrome Device Profiles
- Windows Profiles
  - Passcode
  - Hello for Business
  - Restrictions
  - Wi-Fi
  - VPN
  - Kiosk
  - Email
  - Exchange ActiveSync
  - SCEP
  - Certificate
  - Shared PC
  - Custom Configuration
- Dynamic Variables
Conditional Access
- Exchange
- Office 365
- Office 365 MAM policy
- Azure AD CBA
- Configure Okta Device Trust with MDM
App Management
- MDM App Repository
- Associate apps to Groups
- Associate apps to devices
- Verify App Deployment Status
- Multiple Enterprise App Version Management
- Apple App Management
- Android App Management
- Chrome App Management
- Windows App Management
- App blocklisting
App Update Management
- App Update Policies
- Schedule Enterprise app updates
- Manage app update policies
Telecom Expense Management
Content Management
OS Update Management
- iOS/iPadOS/tvOS Update Management
- Android OS Update Management
- Custom Firmware Update Management
Certificate Management
- Generic SCEP CA integration
- ACME CA integration
- DigiCert integration
- Microsoft AD CS integration
- EJBCA CA integration
- Internal PKI
Asset Management
- Scan devices
- Inventory Details
- Alerts
- Device Attestation
- Announcements
- Bulk Actions
- Battery level tracking
- Audit Log
Remote Commands
Geo-tracking
Lost Device Management
Geofencing
Remote troubleshoot
- Android
- iOS
Reports
- Schedule reports
- Custom query reports
MDM Privacy and Security
- Server Security Settings
- Server Privacy Settings
- Device Privacy Settings
- Terms of Use
MDM Integrations
- ManageEngine Service Desk Plus
- ManageEngine Asset Explorer
- ManageEngine Analytics Plus
- Jira service desk
- Zoho CRM
- Zoho Creator
- ServiceNow
- Zendesk
FAQs
How-Tos
Knowledge Base
MDM Release Notes

Apple Push Notification Service

To manage Apple devices such as iPhones, iPads, Macs, iPods, Apple TVs etc, in the MDM Console, you need to configure an Apple Push Notification Service (APNs) certificate. An Apple Push Notification Service (APNs) certificate is a security credential provided by Apple that allows Mobile Device Manager Plus (MDM) server to communicate with Apple devices (iOS, macOS, iPadOS, etc.) securely. The APNs certificate establishes the MDM server's credibility with the Apple Push Notification Service (APNs), which acts as an initial relay between the server and Apple devices. This allows the MDM server to send push notifications for various tasks, including onboarding or enrolling Apple devices, updating configurations, installing apps, or executing remote commands.

Note: APNs certificates are valid for one year and must be renewed annually to maintain functionality.

Enroll Apple Devices in MDM

Below is a step-by-step explanation of the process, including a diagram for visual reference.

APNs creation workflow

Steps to Create and Upload an Apple Push Notification Service Certificate

Navigate to Enrollment->APNs Certificate in MDM Console. Click on "Get Started" to begin the process. Download the Vendor-signed (VendorSignedCSR.plist) CSR(Certificate Signing Request) file. This CSR is signed by ManageEngine and is required to create the APNs certificate in the Apple Push Notification portal.

Note: If you are using the on-premise version on MDM or Endpoint Central and mdm.manageengine.com.au is not accessible, a ManualCSR file will be generated. To obtain the VendorSignedCSR file, ensure the URL is accessible and retry, or contact MDM support via email to request the VendorSignedCSR file.
Access the Apple Push Certificate Portal and login using an Apple ID created with a shared email address (e.g., admin@zylker.com), which should serve as a common team account rather than being tied to an individual, to avoid complications like certificate renewal issues if an employee leaves the organization—create one Apple Account if needed.
After logging in, click on 'Create a Certificate' and follow the on-screen instructions to upload the Vendor-signed CSR file to generate the APNs certificate, download the file (.pem/.crt/.cer). This file need to be uploaded in the MDM Console.
Navigate to the MDM console and Upload the downloaded APNs certificate file. Enter the Corporate Apple ID used to create the APNs certificate. Provide the Organization Name.
- Add the corporate admin email address(es) in the "Email notification for APNs expiry" field. You can add multiple email addresses. Notifications about APNs expiry will be sent to these email addresses.
- Click "Upload". You will see a confirmation message: "APNs Certificate uploaded successfully!" on the MDM console.
You can either enroll Apple devices immediately by clicking "Enroll Now" or view the APNs certificate details by selecting "Later". If you are using On-Premise, then you can ensure the certificate is functioning correctly using the "Verify APNs connectivity" option.

1. APNs Validity: The APNs certificate is valid for one year from the date of creation. Ensure you renew it before expiration to avoid service disruption. Renew the APNs certificate at least 2-3 weeks before expiration to avoid service disruption.
2. Corporate Apple ID: Always use the same corporate Apple ID for renewing the APNs certificate. Using a different Apple ID will require re-enrolling all managed devices.
3. Email Notifications: Configure email notifications for APNs expiry to stay informed about renewal deadlines.

Steps to Remove an APNs Certificate in ME MDM

Pre-requisites

De-provision all Apple devices before removing the APNs certificate.
Remove all ABM/ASM servers from the MDM Console.
If using the MSP version, ensure that Apple devices and ABM/ASM servers are removed from all customer accounts.

Impact of Removal: You will not be able to manage any Apple devices until a new APNs certificate is uploaded.

Steps to Remove APNs Certificate:

Navigate to Enrollment->APNs Certificate in MDM Console.
Click Remove APNs. Confirm the removal.

Remove APNs certificate

Troubleshooting Tips

APNs Certificate Expired: Renew the APNs certificate by following the steps outlined in the Renew APNs Guide.

Push Notifications Not Working:Verify the APNs certificate is correctly uploaded in ME MDM. For On-Premise setups, verify connectivity to ensure proper communication. Ensure the certificate is not expired. Check the Apple Developer Portal for any issues with the certificate.

Jump To

Overview
Steps to Create an APNs Certificate in ME MDM
Steps to remove an APNs Certificate in ME MDM
Troubleshooting Tips

< Previous

Next >

Identity and access management

Unified service management

Unified endpoint management and security

IT operations management and observability

Security information and event management

Advanced IT analytics

Low-code app development

Cloud solutions for enterprise IT

IT management for MSPs

Active Directory management Manage, track, and secure Active Directory

Identity governance and administrationOrchestrate user identity management and access controls for Zero Trust

Privileged access managementControl and secure privileged access to critical enterprise systems

Enterprise and IT service managementDeliver a consistent employee experience across business functions

Customer service managementBuild a one-stop portal for customers with efficient account management

IT asset managementCentralize and automate the complete IT asset life cycle

SIEM Spot, investigate, and neutralize security threats

Log and compliance managementGain deeper visibility into security events and ensure compliance

Security auditingAudit Active Directory, cloud platforms and files to enhance your security posture

Endpoint management and protection platform (UEM and EPP)Secure and manage endpoints to protect your IT assets effectively

Endpoint managementAchieve intelligent IT device management with zero user intervention

Endpoint securityDefend against threat actors with proactive and reactive measures

Full-stack observability and digital experience monitoringAchieve end-to-end visibility, proactive issue resolution, and enhanced security

Network and server performance monitoringEnsure network, server, and storage reliability with AI-powered insights

IT incident managementEfficiently manage and resolve IT incidents while ensuring transparency

DNS and DHCP managementOptimize IP address and domain management

Cloud cost managementRight-size and take control of your cloud costs

IT analyticsConnect to your IT applications and visualize all facets of your IT

Cloud-native solutions for IT managementMonitor, manage, audit, and secure your multi-cloudand hybrid infrastructure

Business applications for ITBoost productivity and improve team collaboration

Custom solution builderBuild tailor-made apps to automate operations at your organization

Solutions for MSPsGrow your MSP business with scalable and secure IT management solutions

Apple Push Notification Service

Enroll Apple Devices in MDM

Steps to Create and Upload an Apple Push Notification Service Certificate

Steps to Remove an APNs Certificate in ME MDM

Troubleshooting Tips

Active Directory
management Manage, track, and secure Active Directory

Identity governance
and administrationOrchestrate user identity management and access controls for Zero Trust

Privileged access
managementControl and secure privileged access to critical enterprise systems

Enterprise and IT service
managementDeliver a consistent employee experience across business functions

Customer service
managementBuild a one-stop portal for customers with efficient account management

IT asset
managementCentralize and automate the complete IT asset life cycle

Network and server
performance monitoringEnsure network, server, and storage reliability with AI-powered insights

IT incident
managementEfficiently manage and resolve IT incidents while ensuring transparency

Cloud-native solutions for IT managementMonitor, manage, audit, and secure your multi-cloud
and hybrid infrastructure