Users may be prompted to Update the enrollment of an MDM Enrolled device occasionally. This generally happens when MDM is no longer communicating properly, and the automatic renewal process is not able to properly update.
Note: Users should not be prompted to update any Addigy/MDM certificates, this process should happen automatically in most cases.
Identification
This can occurs when the device shows `MDM Client Stuck` fact as true. In general, it happens when MDM connectivity has an underlying issue or the process is not responding properly, as discussed in this article (https://support.addigy.com/hc/en-us/articles/15377306352275).
Overall, if a device has its MDM stuck, there is a chance that the certificates will not automatically renew when the expiration date is nearing.
Remediation
We would recommend enabling our new public beta for the MDM Watchdog, to monitor these processes and try to restart them automatically in the case they become unresponsive.
You can enable this in Account > Settings: MDM Watchdog Beta
If the above does not restore the MDM communication, you can also try using the "Install MDM" tool located on the Devices page:
FAQ:
What happens if the certificate expires? Am I still able to renew it?
Yes. If the certificates expire and become unverified, they can still be renewed by using the above workflows. More details on this here: Addigy MDM SSL Certificate Profile Signing Renewal
How do I know if it has been properly renewed?
You can view the certificate renewal date on the device's GoLive > Security page. If it's still out of date, it's possible that the device information hasn't been updated yet. In this case, try to perform a device audit using the "Refresh Data" button also in the GoLive page and/or the agent audit command: https://docs.addigy.com/agent/auditor.html#auditor-commands