Blog

Apple Tokens (ADE & VPP) Renewal in Microsoft Endpoint Manager

Automated Device Enrollment (ADE) and Volume Purchase Program (VPP) Tokens are required for integration with MDM solution (Intune) and to maintain an ongoing connection with Apple Business Manager (business.apple.com) or Apple School Manager (school.apple.com) web-based portals.

  • ADE Token automatically syncs devices (every 24h) e.g. iPhones, iPads and Macs that were purchased in bulk from Apple or their authorised Reseller.
  • VPP Token is responsible for syncing software content (every 12h) e.g. apps and books purchased in volume from Apple AppStore.

Both tokens must be renewed annually before they expire (365 days), otherwise, the MDM Server (Intune) will lose its connection and will be unable to fetch new devices and apps from Apple portals.

Prerequisites

1. Microsoft Endpoint Manager (Intune) tenant with MDM authority Set to Intune

  • ADE Token previously installed
  • VPP Token previously installed

2. Apple Business Manager (ABM) portal access

  • ADE/VPP Tokens can be renewed with the same Apple ID that was originally used to create them, however, this is not mandatory like with an MDM push certificate (APNS) that is bound to the same Apple ID

1. ADE Token renewal:

Download new ADE Token from the Apple Business Manager (business.apple.com) from Settings – MDM Servers

Note: Don’t download the token if you are not planning to renew it right now, because the new server Token will reset the existing one.

In MEM/Intune console (endpoint.microsoft.com), navigate to Apple enrollment – Enrollment programs tokens

Select the ADE token you want to renew then press Renew token

Upload the ADE Token file (.p7m)

Days Until Expiration: 07/05/2022

2. VPP Token renewal:

Summary

The location of the VPP token download in Apple Business Manager (or Apple School Manager)

Steps

In the ABM portal – navigate to the account name at the lower left side, select “Preferences,” then “Payments and Billing” (apps and books is usually the default tab), Then navigate to “Server Tokens”.  “Server Tokens” will contain the VPP token download option for each location

ABM VPP Token

When you obtain a new VPP Token file (.vpptoken), 

Open the MEM/Intune console (endpoint.microsoft.com) and go to Tenant administration – Connector Status to choose VPP Token 

Select the VPP Token location you want to renew and press Edit (no renew button)

VPP Token file (.vpptoken)

Expiration date: 05/07/2022

Close Menu