MDM and enrollment suddenly disabled for Apple devices
Last Updated April 29, 2019
You attempt to use a Mobile Device Management (MDM) feature or enroll an Apple device. Despite this having worked in the past, these features suddenly stop functioning.
Apple (OSx and iOS)
The Apple Push Notification (APN) certificate has expired.
Follow the steps in the article Apple Certificate Management under the renewal section to get a working APN certificate uploaded back to the account. Once this happens, devices will need to be re-enrolled in one of the following ways to regain MDM abilities:
Through the administration portal:
Locate the device within "Managed Devices"
Unenroll each Apple device
Provide the users a method to re-enroll their devices (through either package or user access)
Manually on each device:
Navigate to "System Preferences > Profiles"
Select the Management Profile
Click the "-" sign at the bottom of the page, and remove the profile