This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 39%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Hello,
How we all now that Android -> corporate-owned dedicated devices has a token which default time span is 90 days and after that we need to renew this token so they our IT department could enroll new phones.
Q. Is there a possibility to automate this proces? So i don't need to go each to to MS Intune and "renew" the token.
Hello @Jason Sandys . Yes i saw this post.
But how i fugred out, that each time i need to run that powershell script after 90 days?
You can renew the token however you want to want to and whether that's the UI or the script is up to you. Either way, it must be done every 90 days. This is a Google requirement.
Ok if i automate this process is there a possibility to send an e-mail to IT admin which will include QR image and code each time the token will be re-generated?
Don't know as I've never tried this. I would think the QR code is just an image that is server up via the Graph API as everything shown in the MEM console is retrieved this way so you should be able to also.
Ok i done configuration using this - https://danielchronlund.com/2020/02/26/how-to-automate-renewal-of-android-dedicated-devices-enrollment-tokens-and-qr-codes-in-mem-solve-the-90-day-limit-issue/
And also give needed permissions -https://learn.microsoft.com/en-us/graph/api/intune-androidforwork-androiddeviceownerenrollmentprofile-createtoken?view=graph-rest-beta
If i'm using delegated permissions everything is working and i can renew token.
But if i use application to do this i get error message in powershell showing forbidden, but i granted needed permission to application in Registered API.
In test environment i granted app all permissions and it's still not working. I can delete token, but i can't renew it.
And also is there a possibility to silently login using delegated permissions, so that pop-up will not show?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 3%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Seem likes that Microsoft heard us all since december 2022> it's now possible to setup a validity up to 65 years for token.
==>
Token expiration date: Enter the date you want the token to expire, up to 65 years in the future. The token expires on the selected date at 12:59:59 PM in the time zone it was created. Acceptable date format: MM/DD/YYYY or YYYY-MM-DD
Sources: https://learn.microsoft.com/en-us/mem/intune/enrollment/android-kiosk-enroll