How to renew the ADE token in Intune

      5 Comments on How to renew the ADE token in Intune

In this post I will show how to renew the ADE token in Intune. It’s is a requirement to enable Automatic device enrollment for Apple devices like MacOS, iOS and iPadOS in Intune. The token is used to sync device information between Apple business manager and Intune. It is also used to upload enrollment profiles to Apple and assign them to devices. The validity of the ADE token is 1 year and must be renewed every year to remain functional. For more information about the ADE token in Intune go to this link.

Before you begin renewing your ADE certificate, there are a number of things you should consider.

  • After you download a new token, the old token is no longer valid. You can no longer sync devices or assign profiles until the new token is uploaded.
  • The above also applies if the certificate has expired, therefore renew the certificate before it expires.
  • Unlike the APNs certificate the ADE certificate does not need to be renewed with the same account.

How to renew the ADE token

1. Go to the enrollment token configuration blade by selecting “Devices -> iOS/iPadOS -> iOS/iPadOS enrollment -> Enrollment program tokens” or click here and select the token you want to renew.


2. Go to Apple Business manager and login with an administrator account. Select “Settings -> MDM servers” and press “Download Token”


3. A popup will appear press “Download Server Token” to continue. The new token will be downloaded to your pc.


4. Switch back to the enrollment tokens blade in MEM admin center. Press “Renew token” in the top of the screen to renew te token.


5. Select the Apple token you downloaded in step 3 and press “Next” to continue.


6. If needed, modify or add additional scope tags and press “next” to continue.


7. Review your settings and press “Create” to finish the renewal.


8. The renewal is now completed. You need to refresh the blade to update the new status, expiration date and days untill expiration.


I hope you liked this post about how to renew the ADE token in Intune. If you have any questions or comments about this post, just let me know in the comment section.

5 thoughts on “How to renew the ADE token in Intune

  1. Mark Jorissen

    Hi would like to know if the admin that has used his AppleID has left the company, would it do any harm to login with a different AppleID, generate and download the Token and replace the one in Intune with this one?

    So do we have to enroll the devices again or any other trouble?

    1. Aad Lutgert Post author

      Hi Mark,

      It is not a problem to renew the ADE certificate with another account. This only applies to the APNs certificate. If you try to renew it with another account you will get an error message. You then have two choices; Contact Apple Support or generate a new APNs certificate and re-enroll all your linked apple devices.

      regards, Aad

  2. Raj

    Hi, Thank you for providing the steps but when I am trying to renew the token in Intune, I am getting an error saying ” DEP token decryption failed. This can happen if the wrong token is uploaded”. Have you seen this error and do you know how I can fix this issue?
    Thanks in advance.

    1. Aad Lutgert Post author

      Hi Raj,

      Did you download the token of the correct MDM server in step 2? I remember having such an error when trying to upload a different mdm server token.

      regards, Aad

  3. Niall Quinn

    Do you recommend this is done outside of business hours? What is the impact of renewing the token during the working day?


Leave a Reply

Your email address will not be published. Required fields are marked *