AMA: Microsoft Cloud PKI in Intune Suite

Event Ended
Wednesday, Mar 20, 2024, 10:30 AM PDT
Online

Event details

Can you really simplify certificate management and move it to the cloud? Let’s get into it! This Ask Microsoft Anything (AMA) session is dedicated to the recently launched Microsoft Cloud PKI in the Microsoft Intune Suite. Dive deep into specific capabilities, hear best practices, and discover troubleshooting tips. Join us for this AMA to get your questions answered directly from the product and engineering teams behind Cloud PKI.

Post your questions in the Comments below. We'll have experts responding in the live stream and others in chat.

This session is part of Microsoft Intune: Tech Community Live. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.

Char_Cheesman
Updated Dec 27, 2024

67 Comments

  • tpeckman
    Copper Contributor
    Can we integrate with an existing on-prem CA (i.e. create an Intune issuing CA using the on-prem CA Root)?
    • Tyler_Nichols
      Microsoft
      Yes, there is a process to create an issuing CA using an on-prem root CA to sign the issuing CA's initial request.
  • tpeckman
    Copper Contributor
    Can you specify the encryption type/key length of issued certs?
    • Sachin_Khade
      Copper Contributor

      Cloud PKI certificate authorities support only RSA keys for CA and device certificates. SHA-256, SHA-384, and SHA-512 hash algorithms and RSA key sizes of 2048, 3072, and 4096 are supported for certificate authorities. https://learn.microsoft.com/mem/intune/protect/microsoft-cloud-pki-overview#overview-of-features

      SCEP cert key size options are documented here. https://learn.microsoft.com/mem/intune/protect/certificates-profile-scep#:~:text=key%20is%20encrypted.-,Key%20size%20(bits)%3A,-Select%20the%20number

      Key size of 1024 is not supported for CA and device certificates.

    • Char_Cheesman
      Bronze Contributor

      Thanks for participating in today's session of AMA: Microsoft Cloud PKI in Intune Suite! For reference, the panel covered your question at around 20:30.

  • tpeckman
    Copper Contributor
    Best practice was always to have an off-line Root to protect the private key. How is this key protected/secured with this product?
    • Char_Cheesman
      Bronze Contributor

      Thanks for participating in today's session of AMA: Microsoft Cloud PKI in Intune Suite! For reference, the panel covered your question at around 14:00.

  • VaishnavK1993
    Brass Contributor
    Can we migrate our on-prem CA server to Cloud PKI, and will the Hybrid method also work in this method?
    • Sachin_Khade
      Copper Contributor

      Yes, you can migrate your on-prem CA servers for certificates delivered via Intune MDM scenarios for now; more functionality is coming, so stay tuned. The bring-your-own-root-CA hybrid method, where you keep the root CA on-prem and the issuing certificate authority in the cloud, is supported. https://learn.microsoft.com/mem/intune/protect/microsoft-cloud-pki-overview#overview-of-features

    • Char_Cheesman
      Bronze Contributor

      Thanks for participating in today's session of AMA: Microsoft Cloud PKI in Intune Suite! For reference, the panel covered your question at around 12:00.

  • JFRigot
    Brass Contributor

    Could we use Cloud PKI to distribute S/MIME certificate automatically through Intune? Some other vendors don't recommend using their product for this specific usage.

    • EricTedj
      Microsoft
      Certificate delivery for Cloud PKI is currently limited to SCEP certificates. SCEP certificates can be used for S/MIME signing. However, because the private key of a SCEP certificate never leaves the issued device, SCEP certificates are not suitable for S/MIME encryption as they are unrecoverable and cannot be used cross-device. If this is a scenario you want to see supported in the future, please submit feedback to https://aka.ms/IntuneFeedback.
    • Char_Cheesman
      Bronze Contributor

      Thanks for participating in today's session of AMA: Microsoft Cloud PKI in Intune Suite! For reference, the panel covered your question at around 20:10.

  • Char_Cheesman
    Bronze Contributor

    Welcome to the AMA: Microsoft Cloud PKI in Intune Suite. Let's get started! Post your questions in the Comments. We'll be answering questions in the live stream.

  • Mshuaib
    Copper Contributor
    Will Cloud PKI support multiple certificate deployment based on the different use cases? Like if we want devices with certain values defined in certs to be recognized, like say X, Y and Z, to control the access of the data from those certificate values? I don't see that's possible now. The option to delete/re-configure in the Cloud PKI node has to be introduced soon, which is missing.
    • Sachin_Khade
      Copper Contributor

      Cloud PKI helps create root and issuing certificate authorities; the SCEP profile, on the other hand, connects the certificate authority (via the CA SCEP URL) and describes the leaf device certificates to be issued. The SCEP profile should help solve the use case scenario for your requirements. More information here: https://learn.microsoft.com/mem/intune/protect/certificates-profile-scep

    • Char_Cheesman
      Bronze Contributor

      Thanks for participating in today's session of AMA: Microsoft Cloud PKI in Intune Suite! For reference, the panel covered your question at around 6:50.

  • A friendly note from your Community Managers:
    Be like Richard and post your questions for this Ask Microsoft Anything (AMA) session in advance! You can add more questions along the way - we just ask that you post each question as a separate comment so we can easily find them and answer appropriately. 

  • Ricoli610
    Brass Contributor

    Hello - will Microsoft Cloud PKI be included in the Microsoft 365 E5 license / subscription? If not, how much will it cost? Many thanks

Date and Time
Mar 20, 2024, 10:30 AM - 11:30 AM PDT