Configure Apple Push Notification Service

By Corey Willis

Learn about Apple Push Notification service (APNs) and how to configure it

What is Apple Push Notification service?

Apple Push Notification service (APNs) is a critical component in the context of Mobile Device Management (MDM) for Apple devices. APNs facilitates persistent communication between MDM solutions and Apple devices across both public and private networks. This service allows MDM servers to send notifications to devices, enabling remote management tasks such as applying configurations, installing software, locking or wiping devices, and more.

How Apple Push Notification service Works

MDMs require an APNs certificate to communicate securely with Apple devices. This certificate must be renewed annually using the same Apple Account used for its creation. When an MDM action is initiated, a notification is sent to APNs, which then notifies the device. The device checks in with the MDM server, receives the command, and executes the required action.

Best Practices for Managing Apple Push Notification service 

  • Use a managed Apple Account that is accessible by multiple team members for creating and renewing APNs certificates.
  • Plan ahead for certificate renewal to avoid disruptions in MDM communication.
  • Ensure network configurations allow necessary traffic to Apple's network for APNs to function correctly. For a full list of network requirements, please see our Using Kandji on Enterprise Networks support article.

Configuring Apple Push Notification service

For best results, use a macOS computer.

  1. Navigate to your Kandji Web App (e.g., accuhive.kandji.io).
  2. In the left-hand navigation bar, click Settings.
  3. Select the Apple Integrations tab.
  4. Under Apple Push Notifications service (APNs), click Configure APNs.
  5. Follow the on-screen instructions to create a new APNs certificate.

Renewing Your Apple Push Notification service Certificate

APNs certificates must be renewed annually. If the certificate expires, it can lead to issues such as the inability to manage existing Apple devices and enrollment failure for new devices.

Your APNs certificate can be renewed at any time. For best results, monitor the certificate expiration date in the Kandji Web App and plan to renew it before it expires. Kandji will send email reminders to Team Members with Admin or Account Owner permissions starting 30 days before certificate expiry.

  1. In the left-hand navigation bar, click Settings.
  2. Select the Apple Integrations tab.
  3. Under Apple Push Notifications service (APNs), click Renew certificate.
  4. Follow the on-screen instructions to renew your APNs certificate.

Troubleshooting APNs Certificate Renewal

When uploading a new APNs certificate, you may see an error stating, "This doesn't appear to be a valid certificate." This issue can arise for a few different reasons, including:

  • The Apple Account used to create the new certificate is different from the one used for the original certificate.
  • The certificate was uploaded as a new one instead of renewing the existing certificate.
  • The uploaded certificate does not have the .pem file extension or has been renamed from its original name, MDM_Kandji, Inc._Certificate.pem.

If you need to change the Apple Account that is used for an APNs certificate, it is recommended to do so before renewing the original certificate. To start the process of migrating an APNs certificate to a new Apple Account, you can contact Apple's Deployment Programs Support team.
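
A pre-upload check for the file-level causes listed above, combined with an expiry check that uses the 30-day window from the renewal section. This is an added example, not Kandji's own tooling; it assumes the `openssl` command-line tool is installed, and the function name `check_apns_pem` is hypothetical.

```shell
#!/bin/sh
# Added example (not Kandji tooling): check a downloaded APNs certificate
# before uploading it. Assumes the openssl command-line tool is installed.

EXPECTED_NAME='MDM_Kandji, Inc._Certificate.pem'  # original file name, per the article
WARN_DAYS=30                                      # reminder window, per the article

# check_apns_pem FILE (hypothetical helper name)
# Prints one finding per line and returns 0 only when nothing was flagged.
check_apns_pem() {
    file=$1
    name=${file##*/}          # strip the directory part
    rc=0

    case $name in
        *.pem) ;;
        *) echo "FAIL: file extension is not .pem"; rc=1 ;;
    esac
    if [ "$name" != "$EXPECTED_NAME" ]; then
        echo "FAIL: file was renamed (expected '$EXPECTED_NAME')"; rc=1
    fi

    # The content must be a PEM-encoded X.509 certificate, whatever the name says.
    if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
        echo "FAIL: content does not parse as a PEM X.509 certificate"
        return 1
    fi

    # Show the subject and expiry so they can be compared with the current certificate.
    echo "INFO: $(openssl x509 -in "$file" -noout -subject)"
    echo "INFO: $(openssl x509 -in "$file" -noout -enddate)"

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has already expired"; rc=1
    elif ! openssl x509 -in "$file" -noout -checkend $((WARN_DAYS * 86400)) >/dev/null; then
        echo "WARN: certificate expires within $WARN_DAYS days"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: no problems found"
    return "$rc"
}

# Run against a path when one is given: sh check_apns.sh "path/to/certificate.pem"
if [ "$#" -gt 0 ]; then check_apns_pem "$1"; fi
```

A freshly renewed certificate that still triggers the 30-day warning usually means the old file was picked up instead of the new download.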

Disconnect APNs

Only disconnect your APNs certificate if you need to replace it with a new one. Replacing your APNs certificate will break MDM communication on all of your enrolled Apple devices. You will need to re-enroll all devices under the new APNs certificate.

  1. In the left-hand navigation bar, click Settings.
  2. Select the Apple Integrations tab.
  3. Under Apple Push Notifications service (APNs), click Disconnect APNs.

If you accidentally disconnect your APNs certificate and need to reconnect it for renewal, you can do so by following the configuration steps in Kandji. Then, proceed to identity.apple.com to complete the certificate renewal process.