Renew Azure certificate

The Sophos Mobile server certificate for Microsoft Azure has a validity period of one year. You must renew it before it expires.

If you don’t renew the certificate before it expires, Intune app protection in Sophos Mobile stops working.

Warning When you start the certificate renewal process (step 3 below), Intune app protection is temporarily unavailable until you upload the new certificate to your Sophos Mobile application on the Microsoft Azure portal (step 11).

To renew the Sophos Mobile server certificate for Microsoft Azure, do as follows:

  1. Sign in to Sophos Central Admin and go to Mobile.
  2. Go to Setup > Sophos setup > Microsoft Azure.

    Under Certificate information, the expiration date of the current certificate is shown in Expiration date.

    certificate information, including the expiration date
  3. Click Renew certificate.
  4. Click OK in the confirmation dialog.
    The OK button in the confirmation dialog

    Sophos Mobile creates a new certificate and updates the information in the Thumbprint, Start date, and Expiration date fields.

    Updated certificate information
  5. Click Download certificate to download the certificate file to your computer.
    The Download certificate button
  6. Sign in to the Microsoft Azure portal with your Azure administrator account.
  7. Search for the App registrations service and open it.
    Search for App registrations in the Azure portal
  8. Click your Sophos Mobile application.
    The Sophos Mobile application

    If you have several applications, select the one with the matching Application (client) ID value.

    Application (client) ID value in Sophos Mobile and the Azure portal
  9. In the left-hand menu, click Certificates & secrets.
    The Certificates & secrets menu entry
  10. Click Upload certificate.
    The Upload certificate button
  11. Select the file that you downloaded from Sophos Mobile and click Add.
    Select and add a certificate in the Upload certificate dialog
  12. Check that the certificate has the same thumbprint in Sophos Mobile and Microsoft Azure.
    Certificate thumbprint in Sophos Mobile and the Azure portal
  13. In Microsoft Azure, click Delete next to the old certificate to remove it from your Sophos Mobile application.
    The Delete button next to the old certificate

This completes the certificate renewal process.