Before enrolling macOS devices in Endpoint Protection Cloud (SEPC) with mobile device management (MDM), an Apple Push Notification (APN) certificate is required
Login to the SEPC management console
Go to Settings>Mobile Device Management (NOTE: MDM settings are only available to Account Administrators. If this option is grayed out and unavailable to you contact your Account Administrator)
At the bottom of the MDM page, you'll see 3 steps
Hit Download. This will download or prompt you to save a file called "Apple.csr". Save the file somewhere you'll be able to find it.
Hit "Apple Push Certificates Portal". This will open a new tab in your browser to the Apple website, and prompt you to sign in to the Apple Push Certificates Portal. Any Apple ID can be used to sign-in to this website. Symantec recommends using a company Apple ID (A group mailbox or Alias preferably) to setup the APN, so that access to the APN is not lost when an individual leaves the company.
Once signed-in, hit "Create a Certificate"
You should now be redirected to the "Create a New Push Certificate page".
Hit "Choose File". Navigate to the location you saved the Apple.csr file to earlier. Select the Apple.csr and hit open. Hit Upload.
Hit Download. Save the certificate in a location you will remember. You can now sign-out and close the apple website and return the SEPC MDM settings page.
For Step 3, enter the email used for the Apple ID, and hit browse. Navigate to the location where the certificate was saved and double-click the certificate, or select the certificate and hit open.
You have now setup your APN certificate and can proceed to enroll your Apple Devices
After a year, the APN certificate expires. Symantec recommends renewing your APN certificate before expiration.
From the SEPC MDM page, hit "Apple Push Certificates Portal" beneath "Step 2"
Sign-in with your Apple ID.
The Apple Push Certificates portal will show you "Certificates for Third-Party Servers".
Verify your Symantec MDM certificate is there. For "Service" the certificate should list "Mobile Device Management" and Symantec Corporation as the Vendor.