Skip to main content

Revocation of certificates in Intune

There are many scenarios where certificates that were provisioned by Intune are then removed and revoked.

See Remove SCEP and PKCS certificates in Microsoft Intune | Microsoft Docs

With DigiCert/Intune SCEP integrations that communicate via the Azure Active Directory App registration, Intune maintains a list of certificates to be revoked. DigiCert​​®​​ Trust Lifecycle Manager fetches the revocation list for all the tenants at a frequent interval, as part of an asynchronous process, which will revoke all the certificates from the retrieved list. The revoked status of the certificate is then available via DigiCert validation services (CRL/OCSP), once the revocation process is complete.