Background

The line-of-business Apple iOS/iPadOS apps assigned to iPhones and iPads are created with a provisioning profile that is included and are code signed with a certificate. iOS/iPadOS verifies the app's integrity and applies any provisioning profile-defined policies when the app runs. The following validations happen:

* Installation file integrity
The enterprise signing certificate used to sign the apps typically lasts three years. However, the provisioning profile expires after a year, and the app needs to be packaged again with the new provisioning profile.
There is no out-of-the-box solution to set up alerting for the expiry of provisioning profiles for iOS apps. The Intune portal can show an alert if a provisioning profile or certificate is about to expire. The alert is only displayed as an informational message, so that you know that one part of the LOB app has expired or is close to expiring and can take the required action.
Because of this missing functionality, there is a high chance of human error, and it is quite evident that the team managing the Intune infrastructure may miss these notifications, leading to non-functioning apps on end users' devices.
There are multiple ways to create automated email notifications a few days before the provisioning profile expires, so that you have ample time to react and get the new build created.
The possible options you have to automate it are:
Whichever option you choose, you will rely on Graph API calls to get the data about managed apps and their properties.
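The core check over the Graph data, as an added example that is not part of the original post or its flow. It assumes the app list comes from the Graph `deviceAppManagement/mobileApps` endpoint and that the `expirationDateTime` property of `iosLobApp` entries is the date to alert on; the sample apps, the 30-day threshold and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

IOS_LOB_TYPE = "#microsoft.graph.iosLobApp"

# Constructed sample, shaped like the JSON returned by
# GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps
SAMPLE_RESPONSE = {"value": [
    {"@odata.type": "#microsoft.graph.iosLobApp", "displayName": "Field Sales",
     "expirationDateTime": "2025-06-20T09:30:00Z"},
    {"@odata.type": "#microsoft.graph.iosLobApp", "displayName": "Warehouse",
     "expirationDateTime": "2026-01-15T00:00:00.0000000Z"},
    {"@odata.type": "#microsoft.graph.iosLobApp", "displayName": "Timesheet",
     "expirationDateTime": "2025-05-01T00:00:00Z"},
    {"@odata.type": "#microsoft.graph.iosStoreApp", "displayName": "Store App"},
    {"@odata.type": "#microsoft.graph.iosLobApp", "displayName": "No Date",
     "expirationDateTime": None},
]}


def parse_graph_time(value):
    """Parse a Graph UTC timestamp, ignoring fractional seconds."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def expiring_lob_apps(response, now, warn_days=30):
    """Return (name, status, days_left) for LOB apps needing attention."""
    findings = []
    for app in response.get("value", []):
        if app.get("@odata.type") != IOS_LOB_TYPE:
            continue  # store apps and other types are out of scope here
        raw = app.get("expirationDateTime")
        if not raw:
            # A missing date must not pass silently as "healthy"
            findings.append((app["displayName"], "unknown", None))
            continue
        days_left = (parse_graph_time(raw) - now).days
        if days_left < 0:
            findings.append((app["displayName"], "expired", days_left))
        elif days_left <= warn_days:
            findings.append((app["displayName"], "expiring", days_left))
    return findings


if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed so the run is repeatable
    print(expiring_lob_apps(SAMPLE_RESPONSE, now))
```

The returned list is what the notification email would be built from; apps with no expiry date are reported as "unknown" rather than skipped.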
For this article, I have used Power Automate to create the flow and get automatic emails notifying about the provisioning profile.
All done! Save the flow and execute it.
You will receive the email with details of the app’s provisioning profile.
The idea behind this post was to show how easily you can automate the notifications for expiry of your business-critical applications. There are endless possibilities to modify it as per your business requirements. Feel free to use it and modify it.