Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)
SOLVED

iOS: SCEP Enrollment - Certificate Renewal

%3CLINGO-SUB%20id%3D%22lingo-sub-3244373%22%20slang%3D%22en-US%22%3EiOS%3A%20SCEP%20Enrollment%20-%20Certificate%20Renewal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3244373%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20Community%2C%3C%2FP%3E%3CP%3EWe%20successfully%20created%20a%20SCEP%20Policy%20to%20push%20certificates%20to%20our%20iOS%20devices.%3C%2FP%3E%3CP%3EIt%20uses%20a%20OnPremise%20NDES%20Server%20and%20Microsoft%20PKI%20(via%20Azure%20Application%20Proxy).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECertificates%20have%20a%20lifetime%20of%201%20year.%3C%2FP%3E%3CP%3EDoes%20anyone%20know%2C%20if%20Intune%20automatically%20starts%20a%20renew%20process%20before%20expiration%20date%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20received%20information%20from%20one%20consultant%20that%20they%20are%20not%20automatically%20renewed.%20But%20this%20would%20mean%20I%20have%20to%20manually%20monitor%20each%20expiration%20date%20and%20trigger%20somehow%20the%20renewal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan't%20image%20that%20this%20is%20the%20desired%20behaviour.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETHanks%20a%20lot%2C%3C%2FP%3E%3CP%3EChris%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3244373%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ecertificate%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ERenewal%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESCEP%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3244444%22%20slang%3D%22en-US%22%3ERe%3A%20iOS%3A%20SCEP%20Enrollment%20-%20Certificate%20Renewal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3244444%22%20slang%3D%22en-US%22%3EIn%20the%20Configuration%20Profile%20there%20is%20a%20renewal%20theshold%20percentage%2C%20this%20is%2020%25%20by%20default%20I%20think.%20At%2020%25%20of%20the%20life-time%2C%20it%20will%20contact%20the%20server%20again%20to%20request%20a%20new%20one..%20You%20should%20check%20your%20Configuration%20Profile%20for%20your%20setting.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3244486%22%20slang%3D%22en-US%22%3ERe%3A%20iOS%3A%20SCEP%20Enrollment%20-%20Certificate%20Renewal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3244486%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1209009%22%20target%3D%22_blank%22%3E%40Harm_Veenstra%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHello%20Harm%2C%3C%2FP%3E%3CP%3EThanks%20a%20lot.%20Seems%20that%20I%20missed%20that%20part%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3EThat%20answers%20my%20question!%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Dear Community,

We successfully created a SCEP Policy to push certificates to our iOS devices.

It uses a OnPremise NDES Server and Microsoft PKI (via Azure Application Proxy).

 

Certificates have a lifetime of 1 year.

Does anyone know, if Intune automatically starts a renew process before expiration date?

 

I received information from one consultant that they are not automatically renewed. But this would mean I have to manually monitor each expiration date and trigger somehow the renewal.

 

Can't image that this is the desired behaviour.

 

THanks a lot,

Chris

3 Replies
best response confirmed by DjeeeD (New Contributor)
Solution
In the Configuration Profile there is a renewal theshold percentage, this is 20% by default I think. At 20% of the life-time, it will contact the server again to request a new one.. You should check your Configuration Profile for your setting.

@Harm_Veenstra 

Hello Harm,

Thanks a lot. Seems that I missed that part :)

That answers my question!

No problem, please mark my answer as solution to mark it as solved