Intune/ABM: Renewing Tokens & Certificates
It’s that time of the year again! No, we are not talking about Valentine’s Day even though it’s around the corner. HAHAHA
It’s actually time to renew our tokens and certificates to maintain the connections between Microsoft Intune and Apple Business Manager (ABM). Everyone has a different renewal time depending on when the tokens and certs were created in their environment. It just happens that mine recently expired, so I want to share with you how to renew them.
Don’t worry - it’s not as difficult as it may seem. You can knock them all out within 20-30 minutes - 10 minutes if you’ve had 2 cups of Vietnamese coffee back-to-back.
Tokens/Certs to Renew:
APPLE MDM PUSH CERTIFICATE
1. Open up Intune > Devices > iOS/iPadOS > iOS/iPadOS Enrollment > Apple MDM Push Certificate
2. Select Download your CSR
3. Select Create your MDM Push Certificate to be taken to the Apple Push Certificates Portal
4. Sign in to ABM with the same Apple ID as the one registered with your Push Certificate
5. On ABM, select Renew for Microsoft Corporation
6. Upload the CSR file that you downloaded earlier from Intune and select Upload
7. Once the upload is successful, select Download to download the Apple MDM Push Certificate
8. Go back to Intune, type in the matching Apple ID, upload that cert, and select Upload
9. You’re DONE! The expiration date should be updated.
ENROLLMENT PROGRAM TOKEN
1. Start by going to Intune > Devices > iOS/iPadOS > iOS/iPadOS Enrollment > Enrollment Program Tokens
2. Select the token that you want to renew
3. Select Renew token
4. To generate a new token, click on the Generate a new token for Apple Business Manager link, which will take you to the ABM portal.
5. On ABM, sign in with the same Apple ID as the one used in Intune
6. Select your name at the bottom left-hand corner > Preferences > your Intune MDM server > Download Token
7. Go back to Intune to upload the file
8. Select Next > Create
9. You’re DONE! The Expiration Date should be updated now.
APPLE VPP TOKEN
1. Go to Intune > Tenant Administration > Connectors and tokens > Apple VPP tokens
2. Find the token that you want to renew and select it
3. Select Edit next to Basics
4. To get the new token file, open up ABM, select your name at the bottom left-hand corner > Preferences > Payments and Billing
5. Select Download next to the token you want to update
6. Go back to Intune, upload the VPP token file
7. Select Review + Save
8. You’ll see the updated date for the Expiration date
SCIM TOKEN
If you’re an admin on ABM, you’ll get two email notifications - one for 60 days before your SCIM Token expires and another one 30 days before.
To Renew Your SCIM Token:
1. On ABM, select your name at the bottom left-hand corner > Preferences > Directory Sync > Edit
2. Now open Azure in a different window or tab and go to Enterprise Application
3. Find Apple Business Manager
4. Select Apple Business Manager > Provisioning > Provisioning
5. Expand Admin Credentials
6. Go back to ABM and select Generate Token
7. Copy and paste that token to the Secret Token field for Apple Business Manager on Azure’s Enterprise Application
8. Do a Test Connection to make sure the connection between ABM and Azure is good
9. Select Save
10. You’re DONE!
Note: Delete the old SCIM token on ABM once the new one is working, so stale tokens don’t pile up.
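To avoid finding out about an expiry after it has happened, the three Intune-side items above can be checked on a schedule. The sketch below is an added example, not part of the original walkthrough: it assumes the Microsoft Graph responses for the push certificate, enrollment program tokens and VPP tokens have already been fetched, uses constructed sample payloads in their place, and reuses the 60/30-day windows from the ABM SCIM reminders as its thresholds.

```python
import json
from datetime import datetime, timezone
# Constructed sample payloads shaped like Microsoft Graph responses (not tenant data):
#   push: /deviceManagement/applePushNotificationCertificate
#   dep: /beta/deviceManagement/depOnboardingSettings, vpp: /deviceAppManagement/vppTokens
SAMPLE = json.loads("""{
  "push": {"appleIdentifier": "mdm-admin@example.com",
           "expirationDateTime": "2025-02-20T18:04:11Z"},
  "dep": {"value": [{"tokenName": "ABM-Main",
                     "tokenExpirationDateTime": "2025-03-28T00:00:00Z"}]},
  "vpp": {"value": [{"organizationName": "Example Corp",
                     "expirationDateTime": "2025-01-15T00:00:00.0000000Z"}]}
}""")

def parse_ts(value):
    """Parse a UTC ISO 8601 timestamp, dropping any fractional seconds."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def collect(payload):
    """Flatten the three responses into (kind, name, expiry) rows."""
    rows = [("Apple MDM Push Certificate", payload["push"]["appleIdentifier"],
             parse_ts(payload["push"]["expirationDateTime"]))]
    rows += [("Enrollment Program Token", t["tokenName"],
              parse_ts(t["tokenExpirationDateTime"])) for t in payload["dep"]["value"]]
    rows += [("Apple VPP Token", t["organizationName"],
              parse_ts(t["expirationDateTime"])) for t in payload["vpp"]["value"]]
    return rows

def classify(expiry, now):
    """Thresholds (assumed here) mirror the 60- and 30-day SCIM reminder windows."""
    days = (expiry - now).days
    if expiry <= now:
        return "EXPIRED", days
    if days <= 30:
        return "RENEW NOW", days
    if days <= 60:
        return "RENEW SOON", days
    return "OK", days

def report(payload, now=None):
    """Return (kind, name, status, days_left) rows, most urgent first."""
    now = now or datetime.now(timezone.utc)
    rows = [(k, n, *classify(e, now)) for k, n, e in collect(payload)]
    return sorted(rows, key=lambda r: r[3])

if __name__ == "__main__":
    for kind, name, state, days in report(SAMPLE):
        print(f"{state:<10} {days:>5}d  {kind} ({name})")
```

The SCIM token is not covered by this check; ABM's own email reminders handle that one.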
I have a course on migrating iOS/iPadOS devices to Intune with ABM if you need help with your migration!