Forum Discussion
Peter Holland
Dec 20, 2022, Iron Contributor
Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2
Hi, Way back in May when update KB5014754 broke cert auth for so many orgs it was identified that whilst RPC auto-enrolled certificates will get the new required OID the Intune certificate connector...
Cristian_Turcu_
Mar 31, 2023, Copper Contributor
Is there any official update/roadmap for this issue?
- Cristian_Turcu_, Apr 20, 2023, Copper Contributor: Just found this: https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/preview-of-san-uri-for-certificate-strong-mapping-for-kb5014754/ba-p/3789785
- Peter Holland, Apr 20, 2023, Iron Contributor: Good find. Hopefully it trickles down. Slight concern that it states a preview build of Windows Server is needed. Hopefully it won't end up needing a CA upgrade to work!
- Cristian_Turcu_, Nov 15, 2023, Copper Contributor: Just updated the Intune PKCS certificate configuration to add the SAN attribute UPN with value {{UserPrincipalName}} and bang: authentication works. It seems that KB5014754 adds the requirement to have a SAN attribute that contains the UPN in the certificate, but I didn't find any reference for this. This will work until full enforcement is in place on February 11, 2025. Still waiting for a solution to provide strong certificates to users via Intune.
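
To see which of the two items discussed in this thread an issued certificate actually carries (the extension with OID 1.3.6.1.4.1.311.25.2 and a UPN in the SAN), the following PowerShell is an added example, not part of any post above and not Microsoft's tooling. It assumes the certificates sit in `Cert:\CurrentUser\My` and that Windows renders the SAN in English ("Principal Name="); the function name `Get-CertMappingInfo` is hypothetical.

```powershell
# Added example: report, per certificate, whether the extension with
# OID 1.3.6.1.4.1.311.25.2 is present and which UPN (if any) the SAN holds.
$SidExtensionOid = '1.3.6.1.4.1.311.25.2'   # OID from the thread title
$SanOid          = '2.5.29.17'              # Subject Alternative Name

function Get-CertMappingInfo {              # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $sidExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $SidExtensionOid }
        $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }

        $upn = $null
        if ($sanExt) {
            # Format($true) renders one SAN entry per line. The "Principal Name="
            # label is what English Windows prints (assumption; it is localized).
            $sanText = $sanExt.Format($true)
            if ($sanText -match 'Principal Name=(?<upn>\S+)') {
                $upn = $Matches['upn']
            }
        }

        [pscustomobject]@{
            Subject         = $Certificate.Subject
            Thumbprint      = $Certificate.Thumbprint
            NotAfter        = $Certificate.NotAfter
            HasSidExtension = [bool]$sidExt
            SanUpn          = $upn
        }
    }
}

# Assumed store location for user certificates delivered to the device.
Get-ChildItem -Path Cert:\CurrentUser\My |
    Get-CertMappingInfo |
    Sort-Object HasSidExtension, NotAfter |
    Format-Table -AutoSize
```

Rows with `HasSidExtension` set to `False` and a populated `SanUpn` match the situation described in the last reply: a certificate with the UPN in the SAN but without the new OID.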