Merge pull request #2727 from schwerdti/patch-1

Brenduns · web-flow · commit 734d0d6d3412 · 2022-04-29T06:57:38.000-07:00
Renewal behaviour on iOS/iPadOS and macOS
diff --git a/memdocs/intune/protect/certificates-profile-scep.md b/memdocs/intune/protect/certificates-profile-scep.md
@@ -274,6 +274,9 @@ Devices that run Android Enterprise might require a PIN before SCEP can provisio
    - **Renewal threshold (%)**:
 
      Enter the percentage of the certificate lifetime that remains before the device requests renewal of the certificate. For example, if you enter 20, the renewal of the certificate will be attempted when the certificate is 80% expired. Renewal attempts continue until renewal is successful. Renewal generates a new certificate, which results in a new public/private key pair.
+     
+     > [!NOTE]
+     > Renewal behavior on iOS/iPadOS and macOS: Certificates can only be renewed during the renewal threshold phase. In addition, the device has to be unlocked while synching with Intune. If the renewal was not successful, the expired certificate will remain on the device and Intune does not trigger a renewal anymore. Also, Intune does not offer an option to redeploy expired certificates. Affected devices need to be excluded from the SCEP profile temporarily to remove the expired certificate and request a new one.
 
    - **SCEP Server URLs**:
 
