SCEP Cert auto renewal via MDM

Hello, we’re using BigFix MDM to push a SCEP certificate. It is a custom policy using the Windows SCEP Username Template. We then update the SCEP URL, Challenge and Thumbprint and deploy the policy.

This works fine; however, a number of our users have reported back that the certificate is expiring.

I went back and confirmed that the expiry is set to 1 year, which we can change; however, we would prefer to keep the 1 year expiry and instead have it auto renew 1 month out from expiry. Is this possible?

I’m not fully familiar with the configuration, but once the SCEP certificate is deployed, I think renewing it is entirely between the device and Intune policy.

This article has some tips on things to check on the Intune side. Please do let us know whether it’s helpful.