How to change Intune application values when using the SCEP enrollment method

Solution ID : SO040722212943
Last Modified : 12/07/2023

Scenario

Intune application keys have a validity period. Intune supports a validity period of up to 24 months as of December 29, 2021.

If you have to change Intune application values when using the SCEP enrollment method, see this Microsoft document for more information:

Use SCEP certificate profiles with Microsoft Intune | Microsoft Docs

Once this validity period has lapsed, you will no longer be able to issue certificates via Intune.

Solution

To renew your Intune secret key for your application, follow these steps:

  1. Sign in to the Azure portal as a Global Administrator or Application Administrator.

  2. Navigate to:
    1. Azure Active Directory
    2. Application Registrations
    3. Search for the application ID that needs to be modified
    4. Under the Manage section, select Certificate Secrets
    5. Under Certificate Secrets, select New Client Secret

  3. If you specified the old secret in your application(s), you will need to update your application code with the new secret.

For more information, see the following Microsoft document:

AADSTS7000222: The provided client secret keys are expired - Microsoft Q&A

  • Once you have completed the Microsoft procedure, navigate to your certificate profile in the DigiCert MPKI 8 portal.
  • Update the secret key you just changed.

When updating in the MPKI 8 portal, note that you need to update ALL of the values, even if you are only changing the key.

When all elements are updated, you will see the change. If you update only one value, it will save successfully; however, if you navigate away and come back, you will notice that the original key is still there. You MUST update all three values even though the other two didn't change.

Once everything is saved, do a test enrollment to validate that the changes are successful. If you continue to receive errors, please contact PKI Support.
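
To catch the expiry described in the Scenario before it stops certificate issuance, the client secrets of the application registration can be checked on a schedule. The following is an added example, not DigiCert or Microsoft code: it assumes the credentials have been exported as JSON with the Microsoft Graph passwordCredential fields `keyId`, `displayName` and `endDateTime` (for example from `az ad app credential list --id <app-id>`), and the sample data, function names and 30-day warning window are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like Microsoft Graph passwordCredential objects.
# Key IDs, names and dates are made up for this example.
SAMPLE_CREDENTIALS = """[
  {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "scep-old",
   "endDateTime": "2023-12-29T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "scep-current",
   "endDateTime": "2024-01-20T12:30:00.1234567Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "scep-new",
   "endDateTime": "2025-12-01T00:00:00Z"}
]"""

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?(Z|[+-]\d{2}:\d{2})?$")

def parse_utc(ts):
    """Parse an ISO 8601 timestamp, dropping fractional seconds; no offset means UTC."""
    m = _TS.match(ts.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {ts!r}")
    offset = "+00:00" if m.group(2) in (None, "Z") else m.group(2)
    return datetime.fromisoformat(m.group(1) + offset)

def secret_report(credentials, now, warn_days=30):
    """Return (status, keyId, displayName, whole_days_left) per secret, soonest expiry first."""
    rows = []
    for cred in credentials:
        end = parse_utc(cred["endDateTime"])
        if end <= now:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        rows.append((end, status, cred["keyId"], cred.get("displayName") or "", (end - now).days))
    return [row[1:] for row in sorted(rows, key=lambda row: row[0])]

def needs_rotation(credentials, now, warn_days=30):
    """True when no secret stays valid beyond the warning window."""
    return not any(status == "OK" for status, *_ in secret_report(credentials, now, warn_days))

if __name__ == "__main__":
    creds = json.loads(SAMPLE_CREDENTIALS)
    now = datetime.now(timezone.utc)
    for status, key_id, name, days in secret_report(creds, now):
        print(f"{status:<8} {key_id} {name} days_left={days}")
    print("rotate now:", needs_rotation(creds, now))
```

When `needs_rotation` returns true, create the new client secret and update the certificate profile in the MPKI 8 portal as described above before the current secret lapses.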