FAQs for MDM Certificates with Enterprise Mobility Management
Technical Articles ID: KB73899
Last Modified: 4/8/2015


McAfee Enterprise Mobility Management (EMM) 11.x, 10.x

For product supported environments, see KB76319.


To take full advantage of Apple iOS features, Intel Security strongly recommends that you implement a Mobile Device Management (MDM) certificate with EMM.

This article is a consolidated list of common questions and answers about the implementation of the MDM functionality with EMM. It is mainly intended for users who are new to the product but can be of use to all users.

General: For product information, including miscellaneous topics.
Compatibility: Interaction between other products and software.
Installation/Upgrade: For information about installing, upgrading and removing.
Functionality: Product features and functions.

What is MDM?
MDM is an Apple-designed architecture that allows providers (such as EMM) to secure, monitor, manage and support mobile devices deployed across mobile operators, service providers and enterprises. MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for iOS mobile devices in a secure, seamless fashion.

Why do I need an Apple MDM Certificate?
Apple requires every organization that implements an MDM architecture to obtain their own unique MDM certificate to ensure secure data transmission between corporate devices and Apple’s push notification servers. The complete set of iOS MDM capabilities will not function without a valid Apple MDM certificate.


Do I have to re-provision my devices when I renew my MDM certificate?
From iOS 5.1, Apple no longer allows MDM certificates to be generated or renewed through your Apple Developer account; they can now only be generated using the Apple Push Certificates Portal. For more information, see KB73382.

If you obtained your previous MDM certificate using an Apple Developer account, your old certificate has been migrated to the new Apple Push Certificates Portal and you can renew the certificate without any impact to your users. If you allow your existing MDM certificate to expire, you must generate a brand new certificate, and all iOS users must delete the profiles on their iOS devices and then provision the devices when the new MDM certificate is installed.

After you obtain a new MDM certificate using the new MDM process outlined in KB73382, you do not have to reprovision your iOS devices when you renew your MDM certificate the following year. You must use the same Apple ID that was used to obtain the original certificate when you log in to the Apple Push Certificates Portal and choose the Renew option for the existing MDM certificate before it expires. 
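
The following is an added example, not code from this article or from McAfee: it classifies the installed MDM certificate by expiry and checks that a renewed certificate is a true renewal before it is installed. It assumes the push topic is carried in the subject UID attribute (not stated in this article); the function names are hypothetical and the `openssl x509 -noout -subject -enddate` output is constructed.

```python
import re
import ssl

# Constructed sample output of `openssl x509 -noout -subject -enddate` for the
# installed and the renewed certificate (made-up values, not real certificates).
CURRENT = """subject=UID = com.apple.mgmt.External.11111111-aaaa-bbbb-cccc-000000000001, CN = APSP:example, C = US
notAfter=Apr  8 12:00:00 2016 GMT"""
RENEWED = """subject=UID = com.apple.mgmt.External.11111111-aaaa-bbbb-cccc-000000000001, CN = APSP:example, C = US
notAfter=Apr  7 09:30:00 2017 GMT"""

def parse_cert_text(text):
    """Return (topic, not_after_epoch) from openssl subject/enddate output."""
    # Assumption: the topic is the subject UID; handles "UID = x," and "/UID=x/".
    topic = re.search(r"UID\s*=\s*([^,/\s]+)", text)
    end = re.search(r"notAfter=(.+)", text)
    if not topic or not end:
        raise ValueError("subject UID or notAfter line missing")
    return topic.group(1), ssl.cert_time_to_seconds(end.group(1).strip())

def expiry_status(text, now, warn_days=30):
    """Classify the installed certificate: 'ok', 'renew-now' or 'expired'."""
    _, not_after = parse_cert_text(text)
    if now >= not_after:
        return "expired"      # per the article: new certificate, reprovision devices
    if not_after - now <= warn_days * 86400:
        return "renew-now"    # still renewable with the original Apple ID
    return "ok"

def renewal_keeps_enrollment(current_text, renewed_text, now):
    """True when the current certificate has not yet expired and the renewed
    one carries the same topic with a later expiry (a renewal, not a new cert)."""
    cur_topic, cur_end = parse_cert_text(current_text)
    new_topic, new_end = parse_cert_text(renewed_text)
    return now < cur_end and new_topic == cur_topic and new_end > cur_end

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Mar 20 00:00:00 2016 GMT")
    print(expiry_status(CURRENT, now))
    print(renewal_keeps_enrollment(CURRENT, RENEWED, now))
```

Run the status check on a schedule and alert on `renew-now`, so the renewal happens while the existing certificate is still valid.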

How do I obtain an Apple MDM Certificate? 
You can obtain an Apple MDM certificate by following the instructions provided in article KB73382. There is no cost involved in obtaining the MDM certificate.

I have an Apple Developer account; do I obtain or renew my certificate through my developer account or through Intel Security?
No, Apple will no longer allow MDM certificates to be renewed or created using an Apple Developer account. MDM certificates can now only be generated using the Apple Push Certificates Portal.

What happens if I don’t use an MDM certificate?
If you do not use an MDM certificate, you can still provision your Apple devices, but doing so requires a lot of user interaction. Using an MDM certificate will guarantee full use of MDM functionality and management, and there will be minimal user interaction because policy enforcement and compliance status updates will take place seamlessly.
