This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 88%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
I found an old question regarding this, but was nearly 8 years old.
We have Macs and iOS devices, but the MDM Push Certificate was setup with a personal Apple ID. We need to change this asap with minimal effect to end users. What is the best practice here? Impact?
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 65%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGD%3C/text%3E%3C/svg%3E)
Justin can we talk about this situation? I have a similar problem now, hou did you do it? How long it happened?
Contact Apple as only they can help you with this. Normally, swapping out the MDM cert requires all Apple devices to be reenrolled as the MDM profile is linked to the cert. This is all Apple device management specific and not related to Intune.
Thanks Jason. I wasn't sure of the process after Apple assisted within Intune or if there were any specifics.
Perhaps this document can help you a little bit.
We're facing a similar problem. Token used AppleID from somebody who's going to leave the company. Not sure if we could renew the whole thing with another AppleID without re-enrolling devices...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 24%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
If the person doesnt have anything associated with that apple id apart from the certificates you can go to http://appleid.apple.com/ logon with that e-mail and change to another e-mail. If you have federation configured you cannot configure another e-mail on the same domain, then your best bet as Jason said is to contact apple support and ask them to migrate the current cert to another apple id. Once you done that you need to go on intune and re-import the same cert changing the Apple ID to the new one as per the Notes field at https://learn.microsoft.com/en-us/mem/intune/enrollment/apple-mdm-push-certificate-get
I got this task completed successfully if you need any help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 41%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
We are experiencing the same exact issue. My colleague has already contacted apple and moved the cert from the old apple id to a more permanent one. The certificate has been renewed in inTune. Does this require all of the existing devices be re-enrolled at this point?
As long as your cert was not expired the cert was moved to the new Apple ID. You renew the cert from the new Apple ID and all devices stay connected.
Thanks for the quick response. It turns out the cert did expire. The full story is the cert expired months ago and within the last week or so it was transferred to a new apple-id and renewed. However, because it expired we needed to create a brand new cert. So, looks like there is no avoiding the re-enrollment.
How can I see dat we've got federation configured?
To be clear, I can see the Apple VPP Token at Home - Tenant admin - Connectors and tokens - Apple VPP Tokens.
There is the AppleID, Token Name, and Status which says: Assigned to external MDM (Which is Jamf). Properties also says: assignedToExternalMDM
Also at Home - Devices - iOS/iPAdOS enrollment i can see this token where the same ID is used:
about 59 devices are enrolled with this token/apple id...
I am fairly new to this... These kind of things you do only once in Azure....
Hi Jose, How can we check if federation is used?
Justin, would like to know the steps: here are some screenshots:
So it's about changing the appleid. We have got another AppleID in Buissiness manager which we can use.
About 59 devs are enrolled using the token...
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more