Apple tokens for Mobile Device Management, such as APNS certificates and DEP and VPP tokens, need to be renewed every 365 days. When an APNS certificate has expired, you are forced to re-enroll all of your MDM-managed Apple devices. To avoid any headaches, I put together a few lines of PowerShell which monitor the expiration with Azure Automation and send a notification to Microsoft Teams or email.

Script

The script is intended to run on a recurring basis in Azure Automation, and I recommend setting up a schedule which runs the script once a week. The script checks the following Apple tokens and triggers the Teams notification if a token expires in less than the configured number of days:

  • Push Notification certificate
  • DEP (Device Enrollment Program) tokens
  • VPP (Volume Purchase Program) tokens

Hint: You can set up multiple DEP and VPP tokens in your Intune tenant.

The triggered notification is delivered to Microsoft Teams as a message card with some details about the token.
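The threshold check and the message card described above, as an added example that is not the author's script. The function names, the `$WebhookUrl` variable and the sample tokens are assumptions; in a runbook the expiration values would come from Microsoft Graph (`expirationDateTime` on the push certificate and VPP tokens, `tokenExpirationDateTime` on DEP tokens).

```powershell
# Added example. Function names are hypothetical, sample tokens are constructed.
function Get-ExpiringAppleToken {
    param(
        [Parameter(Mandatory)] [object[]] $Token,   # objects with Type, Name, Expiration
        [int] $ThresholdDays = 30,
        [datetime] $NowUtc = [datetime]::UtcNow
    )
    foreach ($t in $Token) {
        # Accepts ISO 8601 strings or DateTime values and normalizes to UTC.
        $expires  = ([datetimeoffset]$t.Expiration).UtcDateTime
        $daysLeft = [math]::Floor(($expires - $NowUtc).TotalDays)
        if ($daysLeft -lt $ThresholdDays) {
            [pscustomobject]@{
                Type = $t.Type; Name = $t.Name; ExpiresUtc = $expires
                DaysLeft = $daysLeft; Expired = ($expires -le $NowUtc)
            }
        }
    }
}

function New-TeamsTokenCard {
    param([Parameter(Mandatory)] $Finding)
    # An already expired token is flagged red, an upcoming expiry orange.
    $color = if ($Finding.Expired) { 'FF0000' } else { 'FFA500' }
    $state = if ($Finding.Expired) { 'has expired' } else { "expires in $($Finding.DaysLeft) day(s)" }
    @{
        '@type'    = 'MessageCard'
        '@context' = 'http://schema.org/extensions'
        summary    = "Apple token expiration: $($Finding.Type)"
        themeColor = $color
        title      = "$($Finding.Type) $state"
        sections   = @(@{ facts = @(
            @{ name = 'Token'; value = $Finding.Name }
            @{ name = 'Expires (UTC)'; value = $Finding.ExpiresUtc.ToString('u') }
        ) })
    } | ConvertTo-Json -Depth 5
}

# Constructed sample input standing in for the Graph results.
$tokens = @(
    [pscustomobject]@{ Type = 'Push certificate'; Name = 'mdm@example.com'; Expiration = '2024-03-10T09:00:00Z' }
    [pscustomobject]@{ Type = 'DEP token'; Name = 'DEP-HQ'; Expiration = '2024-02-20T09:00:00Z' }
    [pscustomobject]@{ Type = 'VPP token'; Name = 'Example Org'; Expiration = '2024-11-05T09:00:00Z' }
)
$now = [datetime]::new(2024, 3, 1, 0, 0, 0, [DateTimeKind]::Utc)
Get-ExpiringAppleToken -Token $tokens -ThresholdDays 30 -NowUtc $now | ForEach-Object {
    $card = New-TeamsTokenCard -Finding $_
    # Invoke-RestMethod -Method Post -Uri $WebhookUrl -ContentType 'application/json' -Body $card
    $card   # printed here so the example runs offline
}
```

The incoming webhook URL is the only credential needed to post into the channel, so the example takes it from a variable rather than a literal in the script body.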

Prerequisites

In order to get the monitoring up and running you need at least:

Create a Microsoft Teams Webhook

Navigate to the Teams channel which should receive the notifications and add a new incoming webhook:

Script Configuration

  1. Adjust the number of days prior to expiration at which the notification is sent

  2. Add the generated Teams webhook URL to the script

  3. Choose one of the available authentication options to Microsoft Graph and ensure that the Graph permissions DeviceManagementServiceConfig.Read.All and DeviceManagementApps.Read.All are granted to the app registration:

  4. (Optional) You can also enable email notifications if you do not like Teams notifications.

  5. Add the script to your automation account:

  6. Import the Microsoft.Graph.Intune PowerShell module from the module gallery:

  7. Configure a schedule to run the script on a recurring basis. I recommend running it once a week.

The Script in action

Last but not least, let’s test the script. To check whether a notification gets triggered and delivered successfully, you can also increase the threshold value (number of days).

Happy Apple token monitoring!