Migrating from Verizon MDM to Intune

Hello Team,

Our current MDM situation for our iOS devices isn't great. Currently, we have an expired Apple Push Certificate that we can't renew (long story). That push certificate is associated with Verizon MDM. Today, the vast majority of our devices are no longer connected to the MDM because we turned off auto enrollment in Apple Business Manager and unassigned them. However, we do have four or five devices that are still phoning home to the Verizon MDM via the application agent installed on the phone--that we can't uninstall because of the expired push certificate.

We're coming up on rotation for most of these devices. So, my plan is to get a new push certificate using a managed ID. We'll then use this new push certificate to setup auto enrollment with Intune. As old devices are rotated out, new ones will be enrolled in Intune.

At a high level, is there anything wrong with this approach? I did have a concern that getting a new certificate would somehow cause all existing devices to unenroll from our Verizon MDM and wipe themselves. But, I don't see how this would happen unless we explicitly unenrolled the device in ABM.

I'm admittedly pretty green when it comes to MDM in the Apple ecosystem. So, apologies if I've asked some silly questions. Thanks for the help.