Regarding the MDM CA

Krishnakumar Bojarajan 0 Reputation points
2025-11-10T05:48:12.1533333+00:00

Hi All,

Could you please let me know: do I need to renew my Intune MDM CA certificate manually after it expires, or does it renew automatically?

Let me know the solution for this!

Microsoft Security | Intune | Updates

3 answers

  1. Diana Mariz 4,130 Reputation points Independent Advisor
    2025-11-10T07:33:09.87+00:00

    Hi,

    Regarding your question about Intune MDM CA certificates: for Windows devices, Intune supports automatic renewal of MDM client certificates, so you generally do not need to take manual action when they are about to expire.

    However, if your environment also manages iOS or macOS devices, the Apple MDM Push certificate used for those devices must be renewed manually before it expires. Failing to do so will cause all managed Apple devices to stop receiving MDM commands.

    So, automatic renewal applies to Windows, but for Apple devices, manual intervention is required to ensure uninterrupted device management.

    For more information, you can refer to these links: https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/mdm-authority-set#coexistence and https://learn.microsoft.com/en-us/windows/client-management/certificate-renewal-windows-mdm

    1 person found this answer helpful.

  2. Diana Mariz 4,130 Reputation points Independent Advisor
    2025-11-10T07:55:40.46+00:00

    You are most welcome, I am glad to help and provide clarification! If further assistance is needed in the future, please don't hesitate to reach out and we would be more than happy to help you.

    1 person found this answer helpful.

  3. Q&A Assist
    2025-11-10T05:48:25.1033333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    In the context of Intune MDM, the renewal of the MDM CA certificate can occur automatically when mobile devices communicate with the Intune service. However, if mobile devices are wiped or fail to communicate with the Intune service for a certain period, the MDM certificate may not be renewed automatically. In such cases, you may need to manage the renewal process manually after the certificate expires.

    To ensure continuous access to enterprise applications, it is recommended to set a renewal period a couple of months before the certificate expires and configure the device for automatic renewal if possible.

