Jeffasselin
I have several questions regarding this new offering:
- does it support an externally created, offline root CA? Yes
- does it support custom EKUs? Yes
- does it support custom templates? No – the Intune SCEP certificate profile acts as your traditional on-premises CA template
- how does security work for enrollment, how do we limit who can request what certificates? Only Intune enrolled devices supporting the SCEP certificate profile are supported in this first release
- what methods and protocols does it support for enrollment other than SCEP? Only SCEP at the moment
- can we issue certificates with custom properties similar to ADCS’ “supply in the request”, and how is that secured? The Intune SCEP certificate profile controls the custom properties that can be used and the subject name and subject alternative name. For more info: https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep