Coming to the Microsoft Intune Suite - Microsoft Cloud PKI!
Wednesday, Nov 29, 2023, 09:00 AM PST

Event details
A cloud-based public key infrastructure (PKI) service, Microsoft Cloud PKI will handle all aspects of the certificate lifecycle for Intune managed devices. Adhering to PKI industry standards, simple ...
Char_Cheesman
Updated Dec 27, 2024
Mike22April
Brass Contributor
Nov 29, 2023
Will Intune PKI support the issuance of S/MIME certificates and corresponding private keys to all registered Intune users?
Would issuing S/MIME still require the Intune PFX connector to safeguard private keys before the PFX gets sent to Intune?
Can Intune PKI issue certificates using modern certificate management protocols such as ACME and CMPv2?
Will Intune PKI support TPM and HSM key attestation?
How can custom OIDs be configured? With PQC on the horizon, will Intune PKI support PQC algorithms?
Generating the Root and Issuing CA seems simple enough, how is AIA configured?
Bill Calero
Microsoft
Nov 29, 2023

Hi Michael,
S/MIME encryption certs are something we are investigating, but will not be available at GA. S/MIME signature certs can be issued using Cloud PKI.
If we do provide support for S/MIME encryption certs, then the PFX connector will not be required.
ACME and CMP are protocols we are investigating, but are not available when we GA.
TPM and HSM attestation ... can you provide more detail here? If you are referring to the ability to issue a Windows Hello for Business cert then, yes, you should be able to issue these to Windows. By chance, are you referring to attestation in general, like using Azure Device Health Attestation or Microsoft Azure Attestation - https://learn.microsoft.com/en-us/windows-server/security/device-health-attestation ... then these are 2 separate topics.
Yes, OIDs will be configurable and required; the UI in the demo is not the final GA version, but an early implementation.
The AIA will be auto configured, again, the UI in the demo is not the final GA version.
Mike22April
Brass Contributor
Nov 29, 2023

Bill thanks! Ref key attestation I'm referring to https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation, i.e. the ability to prove within an issued PKI certificate that the private key got generated on a trusted TPM or HSM. It requires the PKI to enforce verification of the used HSM or TPM depending on the configured trust model.
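The relying-party side of what the reply above describes, as an added example that is not part of the thread and not Microsoft's or Intune's code: when a CA does enforce TPM key attestation, it records the outcome as an issuance policy OID in the certificate's certificatePolicies extension, and a consumer of the certificate can read that OID back to decide whether the key is trustworthy enough for a given use. The three policy OIDs and their low/medium/high meanings are assumed from the Windows Server TPM key attestation documentation linked in the thread and should be confirmed against your own CA's configuration; the self-signed certificate the code builds is constructed for the demonstration only. It uses the `cryptography` package.

```python
"""Relying-party check: did the issuing CA mark this certificate as TPM-key-attested?

Added example, not from the thread and not Microsoft's code. The policy OIDs
below are ASSUMED from the Windows Server TPM key attestation documentation;
confirm them against your own CA's issuance policies before relying on them.
"""
from datetime import datetime, timedelta, timezone
from typing import Optional

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

# Assumed assurance-level issuance policy OIDs (see module docstring).
ATTESTATION_POLICY_OIDS = {
    "1.3.6.1.4.1.311.21.30": "low",     # CA accepted user-supplied credentials only
    "1.3.6.1.4.1.311.21.31": "medium",  # CA validated the TPM's EK certificate chain
    "1.3.6.1.4.1.311.21.32": "high",    # CA matched the EK public key against an allow-list
}
LEVEL_RANK = {"low": 1, "medium": 2, "high": 3}


def attestation_level(cert: x509.Certificate) -> Optional[str]:
    """Return the strongest attestation level asserted in certificatePolicies, or None.

    None means the CA made no attestation claim (no extension, or only unrelated
    policy OIDs such as anyPolicy), so the key may have been generated in software.
    """
    try:
        policies = cert.extensions.get_extension_for_class(x509.CertificatePolicies).value
    except x509.ExtensionNotFound:
        return None
    levels = [
        ATTESTATION_POLICY_OIDS[p.policy_identifier.dotted_string]
        for p in policies
        if p.policy_identifier.dotted_string in ATTESTATION_POLICY_OIDS
    ]
    return max(levels, key=LEVEL_RANK.__getitem__) if levels else None


def meets_minimum(cert: x509.Certificate, minimum: str) -> bool:
    """True if the certificate asserts at least `minimum` ('low' | 'medium' | 'high')."""
    level = attestation_level(cert)
    return level is not None and LEVEL_RANK[level] >= LEVEL_RANK[minimum]


def make_test_cert(policy_oid: Optional[str]) -> x509.Certificate:
    """Constructed self-signed certificate for the demo; not a real CA issuance."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-test")])
    now = datetime.now(timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=5))
        .not_valid_after(now + timedelta(days=1))
    )
    if policy_oid is not None:
        builder = builder.add_extension(
            x509.CertificatePolicies(
                [x509.PolicyInformation(x509.ObjectIdentifier(policy_oid), None)]
            ),
            critical=False,
        )
    return builder.sign(key, hashes.SHA256())


if __name__ == "__main__":
    # anyPolicy (2.5.29.32.0) is present but says nothing about key protection.
    for oid in (None, "2.5.29.32.0", "1.3.6.1.4.1.311.21.31", "1.3.6.1.4.1.311.21.32"):
        cert = make_test_cert(oid)
        print(f"policy={str(oid):>24}  level={attestation_level(cert)}  "
              f"ok_for_medium={meets_minimum(cert, 'medium')}")
```

The check is only as good as the issuance behind it: a policy OID proves nothing by itself, which is exactly the point about the PKI having to enforce verification of the TPM or HSM. A relying party should therefore also chain the certificate to an issuer it trusts to stamp that OID only after a real attestation, rather than treating the OID as evidence on its own.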