SOLVED

Certificates in Intune

Copper Contributor

What are these certificates that gets installed while installing the Intune connector and what kind of certificates are needed? 

 

I am not sure which certificates needs to be installed as well as whether it is PKCS or SCEP. Can someone give a clear overview of why this is needed and what it does and which one to install?

 

If you’ll use SCEP with a Microsoft Certification Authority (CA), confirm that the Network Device Enrollment Service (NDES) role is installed.

 

  • SCEP: Select this option to enable certificate delivery to devices from a Microsoft Active Directory Certification Authority using the SCEP protocol. Devices that submit a certificate request will generate a private/public key pair and submit only the public key as part of that request.

  • PKCS: Select this option to enable certificate delivery to devices from a Microsoft Active Directory Certification Authority in PKCS #12 format. Ensure you’ve set up all the necessary prerequisites.

  • PKCS imported certificates: Select this option to enable certificate delivery to devices for pfx certificates that you've imported to Intune. Ensure you’ve set up all the necessary prerequisites.

  • Certificate revocation: Select this option to enable automatic certificate revocation for certificates issued from a Microsoft Active Directory Certification Authority.

 

7 Replies
best response confirmed by mmiadmin (Copper Contributor)
Solution
Personally I have used the connector for a client to enroll certificates on Android Devices for Wi-Fi (https://docs.microsoft.com/en-us/mem/intune/protect/certificates-pfx-configure) , that's the PKCS option. And also for getting a certificate needed for always on vpn machines. Both in the PKCS way
Thank you. I have done this in Citrix Endpoint Management, but not in Intune MDM. So, if this is what its function is to enroll the Android or IOS devices into Intune, then I think that makes sense. But, which one is for what is there any idea?

Thanks again!
It's not needed for enrollment itself, just for things like VPN or WiFi based on certificate authentication.
I'm trying to use a PKCS certificate for wifi on Android Dedicated but is not working since this is a userless enrollment. Any idea to make this work?
I saw this article that is from 2019 and I thought now in 2022 would be supported even PKCS for this enrollment but...
I'm afraid not / can't find any new articles or announcements...
1 best response

Accepted Solutions
best response confirmed by mmiadmin (Copper Contributor)
Solution
Personally I have used the connector for a client to enroll certificates on Android Devices for Wi-Fi (https://docs.microsoft.com/en-us/mem/intune/protect/certificates-pfx-configure) , that's the PKCS option. And also for getting a certificate needed for always on vpn machines. Both in the PKCS way

View solution in original post