Scenario: Letting the APNs Certificate expire.

    Question

  • Hello

    Recently our APNs Certificate expired, and I could not find any solid answers on what would happen, even after logging a ticket with Microsoft Premier Support.

    Background: We use Office 365, with a separate Intune subscription integrated with SCCM 2012 (Hybrid). The certificate had been expired for twenty days, which prevented devices from enrolling.

    1. I was able to remotely wipe existing enrolled devices, despite the certificate having expired.

    2. All security policies already deployed to existing enrolled devices continued to function (Passcode reset, prevent iCloud backup, etc.)

    3. I was unable to enrol new iOS devices.

    4. I was unable to update CI policies on existing enrolled devices.

    5. After renewing and uploading the certificate, ALL THE PREVIOUSLY ENROLLED DEVICES CONTINUED TO WORK. That is to say, I did not need to re-enrol all 700 devices. This will work provided you use the SAME APPLE ID TO RENEW THE CERTIFICATE!

    Enjoy!

    Dan

    Friday, September 02, 2016 1:54 AM

All replies

  • Ultimately, this is a question for Apple. The APN cert is the "key" to accessing the Apple Push Notification (APN) network as well as the devices connected to it and really has nothing to do with Intune. Intune uses the cert for sure, but they (Apple) define the behavior of what happens when the cert is expired or replaced.

    What you've stated above goes against what I've been told, but I've never explicitly tested either and am not an APN guru by any means. Number 1 seems to make sense though, as that's one thing you probably want/need to do if retiring an MDM. The rest also makes sense if the cert was issued by the same account. This may also be a change from previous behavior. As noted, though, this is a much better question for Apple.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Friday, September 02, 2016 1:27 PM
  • Have you ever tried to get an answer out of Apple that isn't 'back up your data and restore your iPhone'?
    Saturday, September 03, 2016 8:34 AM
  • Hi,

    Have you found an answer/confirmation for your question now? If so, could you please share it with us? Thank you.

    Best regards,

    Jimmy



    Sunday, September 25, 2016 2:54 AM
    Moderator
  • DanielK8507, I have the same situation as you and hope you can answer me. My SCCM is in hybrid mode and my APNs certificate expired 5 days ago. We are planning to use the existing Apple ID to renew the APNs certificate, and I started to worry after reading the sources below. All of them say you must renew the APNs certificate before it expires, otherwise you will need to re-enroll all the iOS devices, and now I am confused after reading your post.

    1) May I know, if I renew the APNs certificate now, will anything happen on the devices?

    2) May I know what the user experience and impact on users is after renewing the APNs certificate? Will I get a notification or an error?

    3) You mention "I did not need to re-enrol all 700 devices". Does that mean I still need to re-enrol some devices?

    https://blogs.technet.microsoft.com/enterprisemobility/2015/10/06/new-apns-certificate-expiration-alert/

    https://www.enhansoft.com/blog/configmgr-and-apple-push-notification-apn-certificate-renewal

    http://gerryhampsoncm.blogspot.my/2015/11/microsoft-intune-renew-apple-apn.html?m=1

    I would appreciate it if I can get a confirmation from you. Thanks.

    Saturday, March 04, 2017 7:16 PM
  • Using the existing Apple ID does not require re-enrolling all iOS devices. No impact at all.
    Monday, March 13, 2017 1:24 PM