iOS: SCEP Enrollment - Certificate Renewal

Copper Contributor

Dear Community,

We successfully created a SCEP Policy to push certificates to our iOS devices.

It uses a OnPremise NDES Server and Microsoft PKI (via Azure Application Proxy).


Certificates have a lifetime of 1 year.

Does anyone know, if Intune automatically starts a renew process before expiration date?


I received information from one consultant that they are not automatically renewed. But this would mean I have to manually monitor each expiration date and trigger somehow the renewal.


Can't image that this is the desired behaviour.


THanks a lot,


4 Replies
best response confirmed by DjeeeD (Copper Contributor)
In the Configuration Profile there is a renewal theshold percentage, this is 20% by default I think. At 20% of the life-time, it will contact the server again to request a new one.. You should check your Configuration Profile for your setting.


Hello Harm,

Thanks a lot. Seems that I missed that part :)

That answers my question!

No problem, please mark my answer as solution to mark it as solved

I have the expected default 20% but on many user's devices it did NOT renew & simply expired, cutting people of from WiFi access on the day
If I plug in to ethernet, it almost instantly renews for most of the affected users


I can see for some devices totally unhelpful error:




And nothing more after that, no error no, nothing more when clicked on it