---
name: project_apple_mdm_certs
description: ACG holds Apple Developer + MDM Push certificates (acquired 2026-05-29) for GuruRMM mobile/MDM; MDM push cert renews annually or all enrolled iOS devices break
metadata:
  type: project
---

As of 2026-05-29, Arizona Computer Guru holds both Apple certificates needed for GuruRMM
mobile device support ([[SPEC-017]], `projects/msp-tools/guru-rmm/docs/specs/SPEC-017-mobile-device-support.md`):

1. **Apple Developer Program enrollment + Distribution/code-signing cert + APNs (.p8) key** — unblocks
   iOS app build, signing, TestFlight/App Store distribution, and silent push (iOS Phase 1).
2. **Apple MDM Push Certificate** (from Apple Push Certificates Portal, identity.apple.com) — unblocks
   iOS true remote lock/wipe via an MDM enrollment profile (iOS Phase 2).

**Why:** These were the iOS blockers in SPEC-017. Both iOS phases are now Apple-cert-unblocked;
remaining iOS work is engineering (MDM-protocol implementation), not credential acquisition.

**How to apply:** The **MDM Push Certificate expires annually and must be RENEWED on the same Apple ID**
— regenerating a fresh cert, or losing the Apple ID it was issued under, silently invalidates the MDM
enrollment of EVERY iOS device and forces fleet-wide re-enrollment. Record the owning Apple ID and set
a renewal reminder ~30 days before expiry. TODO: capture the exact owning Apple ID + expiry date (not
yet recorded — ask Mike).