Skip to content

Renew Azure certificate

The Sophos Mobile server certificate for Microsoft Azure has a validity period of one year. You must renew it before it expires.

If you don’t renew the certificate before it expires, Intune app protection and federated authentication in Sophos Mobile stop working.


When you start the certificate renewal process (step 3 below), Intune app protection is temporarily unavailable until you upload the new certificate to your Sophos Mobile application on the Microsoft Azure portal (step 11).

To renew the Sophos Mobile server certificate for Microsoft Azure, do as follows:

  1. Sign in to Sophos Mobile Admin.
  2. Go to Setup > Sophos setup > Microsoft Azure.

    Under Certificate information, the expiration date of the current certificate is shown in Expiration date.

    certificate information, including the expiration date

  3. Click Renew certificate.

  4. Click OK in the confirmation dialog.

    The OK button in the confirmation dialog

    Sophos Mobile creates a new certificate and updates the information in the Thumbprint, Start date, and Expiration date fields.

    Updated certificate information

  5. Click Download certificate to download the certificate file to your computer.

    The Download certificate button

  6. Sign in to the Microsoft Azure portal with your Azure administrator account.

  7. Search for the App registrations service and open it.

    Search for App registrations in the Azure portal

  8. Click your Sophos Mobile application.

    The Sophos Mobile application

    If you have several applications, select the one with the matching Application (client) ID value.

    Application (client) ID value in Sophos Mobile and the Azure portal

  9. In the left-hand menu, click Certificates & secrets.

    The Certificates & secrets menu entry

  10. Click Upload certificate.

    The Upload certificate button

  11. Select the file that you downloaded from Sophos Mobile and click Add.

    Select and add a certificate in the Upload certificate dialog

  12. Check that the certificate has the same thumbprint in Sophos Mobile and Microsoft Azure.

    Certificate thumbprint in Sophos Mobile and the Azure portal

  13. In Microsoft Azure, click Delete next to the old certificate to remove it from your Sophos Mobile application.

    The Delete button next to the old certificate

This completes the certificate renewal process.