Certificates in Intune
What are these certificates that get installed while installing the Intune connector, and what kind of certificates are needed?
I am not sure which certificates need to be installed, or whether it is PKCS or SCEP. Can someone give a clear overview of why this is needed, what it does, and which one to install?
If you’ll use SCEP with a Microsoft Certification Authority (CA), confirm that the Network Device Enrollment Service (NDES) role is installed.
SCEP: Select this option to enable certificate delivery to devices from a Microsoft Active Directory Certification Authority using the SCEP protocol. Devices that submit a certificate request will generate a private/public key pair and submit only the public key as part of that request.
PKCS: Select this option to enable certificate delivery to devices from a Microsoft Active Directory Certification Authority in PKCS #12 format. Ensure you’ve set up all the necessary prerequisites.
PKCS imported certificates: Select this option to enable certificate delivery to devices for pfx certificates that you've imported to Intune. Ensure you’ve set up all the necessary prerequisites.
Certificate revocation: Select this option to enable automatic certificate revocation for certificates issued from a Microsoft Active Directory Certification Authority.
7 Replies
- Personally, I have used the connector for a client to enroll certificates on Android devices for Wi-Fi (https://docs.microsoft.com/en-us/mem/intune/protect/certificates-pfx-configure); that's the PKCS option. And also for getting a certificate needed for Always On VPN machines. Both in the PKCS way.
- mmiadmin (Copper Contributor): Thank you. I have done this in Citrix Endpoint Management, but not in Intune MDM. So, if its function is to enroll the Android or iOS devices into Intune, then I think that makes sense. But which one is for what? Is there any idea?
  Thanks again!
- It's not needed for enrollment itself, just for things like VPN or Wi-Fi based on certificate authentication.
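
The SCEP and PKCS options quoted in this thread differ in where the private key is created and whether it ever travels. The following is an added example, not code from the thread or from Microsoft: it uses the local openssl CLI (assumed installed) with constructed names and a throwaway password to show which transfer carries a private key. It models key handling only, not the SCEP protocol or the Intune connector.

```shell
#!/usr/bin/env bash
# Added example: throwaway keys and constructed names, local files only.
# It models key handling, not the SCEP protocol or the Intune connector.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PFX_PASS='demo-only'   # constructed password for the sample bundle

# SCEP-style: the device creates the key pair and sends only a signed request.
device_make_request() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-device" \
    -keyout "$WORK/device.key" -out "$WORK/device.csr" 2>/dev/null
}

# PKCS-style: key pair and certificate are created off-device, then shipped
# together as a password-protected PKCS #12 (.pfx) file. The self-signed
# certificate here is a stand-in for one issued by a CA.
server_make_pfx() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-device" \
    -keyout "$WORK/server.key" -out "$WORK/server.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$WORK/server.key" -in "$WORK/server.crt" \
    -out "$WORK/device.pfx" -passout "pass:$PFX_PASS"
}

# Number of private keys in what travels to the CA (the request).
private_keys_in_request() {
  grep -c 'BEGIN.*PRIVATE KEY' "$WORK/device.csr" || true
}

# Number of private keys in what travels to the device (the .pfx).
private_keys_in_pfx() {
  openssl pkcs12 -in "$WORK/device.pfx" -nocerts -nodes \
    -passin "pass:$PFX_PASS" 2>/dev/null | grep -c 'BEGIN.*PRIVATE KEY' || true
}

# The request still binds to the device key: its public half must match.
request_matches_device_key() {
  a=$(openssl req -in "$WORK/device.csr" -noout -pubkey)
  b=$(openssl pkey -in "$WORK/device.key" -pubout)
  [ "$a" = "$b" ] && echo yes || echo no
}

device_make_request
server_make_pfx
echo "private keys in request:    $(private_keys_in_request)"
echo "private keys in .pfx:       $(private_keys_in_pfx)"
echo "request matches device key: $(request_matches_device_key)"
```

With the PKCS-style bundle, the protection of the private key in transit and at rest depends on the .pfx password and the delivery channel; with the SCEP-style request, the key never leaves the device that generated it.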