Hi DonalC, secure certificate deployment in a cloud-first world is a challenge, particularly since this needs to account for all platforms that we currently manage (or those that we may manage in the future). Because of this, we must use a standards-based toolset to deliver the certs to the endpoints. Because of this, Intune uses a certificate connector that facilitates communication with your existing Enterprise PKI and delivers certs in one of two industry-standard methods: SCEP or PKCS. You can read about the Intune Certificate Connector and these two certificate delivery options at Certificate connectors for Microsoft Intune - Azure | Microsoft Docs. If you search the web for Intune Certificate Connector, you'll find lots of hits with additional official documentation as well as supplemental documentation from the community.