Configuring MDM Profile Renewal for Computers or Mobile Devices

Jamf Pro Documentation 11.16.0
Solution
Application
Content Type
Technical Documentation
Utilities & Services
version
11.16.0
ft:locale
en-US
vrm_version
11.16.0
  1. In Jamf Pro, click Settings in the sidebar.
  2. In the Global section, click MDM profile settings .
  3. Click Edit .
  4. Configure when MDM profiles are automatically renewed for computers and mobile devices using the following settings:

    • When the built-in certificate authority is renewed—By default, the MDM profile and device identity certificate on all computers or mobile devices will be renewed when Jamf Pro's built-in certificate authority is renewed.

    • days before the MDM profile expires—This option allows you to specify the number of days before the MDM profile expires to renew it. Choose 90, 120, or 180 from the pop-up menu to change the number of days. The default is 180 days.

  5. Click Save .
Note:

  • The MDM profile will automatically renew after the next MDM command is issued or after the next time the computer or mobile device checks in to Jamf Pro via MDM. Devices may not check in immediately. Therefore, MDM profiles may not instantaneously renew after a renewal is triggered.

  • The MDM Profile Expiration Date value in the inventory will show the new expiration date after the MDM profile is renewed. The device identity certificates will expire in two years.

  • To monitor for any MDM profiles that were not renewed, Jamf recommends that you create a smart computer or mobile device group and set the MDM Profile Renewal Needed – CA Renewed search criteria value to "Yes".

  • The CA certificate's validity period displayed on mobile devices does not update after the MDM profile is renewed following a CA certificate renewal. Jamf recommends viewing the CA certificate's validity period and all CA certificate information in Jamf Pro.