Mobile Device Management (MDM) for iOS devices requires an enrollment operation which establishes trust between the device and the Windows Intune service. Trust is established by installing a profile, referred to as an MDM profile. The MDM profile installed on the device is signed by a certificate acceptable to the device as well as the Windows Intune service. It is a standard practice to change these signing certificates periodically for security reasons.
iOS devices renew their MDM profile once a year. If a device is running a version older than iOS 7.0, the renewal operation will fail when the new profile is signed with a different certificate than the previous one.
Steps to identify affected devices
If you are using Windows Intune to manage iOS devices, it is important to determine which devices are still running a version of iOS earlier than 7.0 and to upgrade those devices. If a device does not support iOS 7.0 or higher, or is not upgraded, manual action must be taken in order to continue managing it. For either implementation, Windows Intune Cloud Only or Windows Intune integrated with System Center 2012 R2 Configuration Manager, the remediation goal is the same but the steps are different.
For Windows Intune only –
For Windows Intune integrated with System Center 2012 R2 Configuration Manager -