Updated 11/5/2018: This blog article has been moved to the new blogging platform: https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Intune-email-profiles-and-certificates/ba-p/281419. Please continue the conversation over there.
We’ve heard feedback from you that you’ve wanted the ability to remove email and certificates from devices when you remove a user from being targeted by one of those profiles in Intune. That functionality is shipping this month! In the past, certificates and email profiles would remain on the device, even though you’d removed the user from being targeted.
If you find that email or certificates are being removed unexpectedly from users, please use the following troubleshooting steps:
- If you’ve configured an email profile, double check that the user is part of the targeted group.
- If the user is in the group, then you’ll want to check to see if the device is operating as expected – this troubleshooting documentation is quite helpful: https://docs.microsoft.com/intune/device-profile-troubleshoot
- If you’ve removed the user from the targeted group, then your user can either manually add the email to their devices; or you can add them back into the group.
- You can use graph calls or PowerShell to automate any of these steps.
You can use similar steps to troubleshoot certificate profiles.
Our documentation is updated and re-published to provide details about removing SCEP and PKCS certificates and profiles. See the docs here:
- https://docs.microsoft.com/intune/whats-new (week of October 22, 2018)
NOTE: Updated 10/29/18 with documentation links and removed the documentation that we'd added to this post since docs is now live.