Skip to main content
日本語 简体中文 繁體中文

[Device Certificate] Revoking Individual Device Certificates

Action summary

This article explains the procedure for Access Control administrators to individually revoke device certificates.
* If you wish to revoke certificates in bulk, please refer to the following page.
[Device Certificate] Bulk Revocation of Device Certificates

Notes

  1. The content of this article is based on the product specifications as of April 2026 and may be changed without prior notice.
  2. To view the actual screens or change settings, Access Control global administrator privileges or device certificate administrator privileges are required.
  3. For instructions on how to access the Administration, please refer to the following article.
    [Access Control] How to Log In to the Administration

Procedure

  1. In the Access Control Administration, go to the left menu and select [Certificates] – [Device Certificates].

    スクリーンショット 2026-04-24 18.53.34.png

  2. On the [Certificates] screen, search for the target device certificate and check the box for the device certificate you wish to revoke.
    Make sure the target device certificate is selected, then click [Revoke].

    スクリーンショット 2026-04-24 18.55.57.png

  3. Confirm that the target device certificate is displayed, then click [Revoke].
    * Once you click [Revoke], you will no longer be able to log in using the revoked device certificate.
    Also, you cannot undo the revocation or resend the installation email for the target device certificate.
    If you need the device certificate again, you will need to reissue it.

    スクリーンショット 2026-04-24 18.56.44.png

  4. If the revocation is completed successfully, a message saying [Revocation completed.] will be displayed.
    Confirm that the [Status] of the revoked device certificate is [Revoked].

    スクリーンショット 2026-04-24 19.00.00.png

    * Even if a certificate is revoked, as long as the authentication session remains, access to Access Control and linked services is still possible.
    Reference: [Access Control] About the Relationship Between Cloud Service Authentication Sessions and Access Control
    If there are services you do not want users to log in to, please disconnect the sessions individually.
    [Access Control] How to Force Users to Log Out
    [Access Control] Disconnecting Microsoft Entra ID Modern Authentication
    [Access Control] Disconnecting Google Workspace Authentication

  5. (Optional) You can delete the old device certificate from the user's device.
    * For iOS, the old certificate will be automatically deleted when a new device certificate is installed.