Deploying PKCS Device Certificate on Android Device Administrator Enrolled Devices

Occasional Visitor

Is it possible to deploy PKCS Device Certificates to Android Device Administrator enrolled devices utilizing AD CS and the Microsoft Intune Certificate Connector?

 

I got it working with iOS/iPad devices, but our Honeywell devices are all Device Administrator enrolled (I've been told that they don't support Android Enterprise enrollment deployment configurations), and we are trying to deploy PAN GlobalProtect using device certificates for authentication.

 

While trying to configure the PKCS certificate device configuration profile in Intune it appears to be missing the option for the certificate type (User vs Device). All the "Subject name format" and "Subject alternative name" options appear to be related to user certificates; Does this mean that we are only able to deploy PKCS User Certificates for Android Device Administrator enrolled devices? Does anyone happen to know if GlobalProtect would be able to use a user certificate for authentication?

 

I understand that the device administrator enrollment method has been getting depreciated for a while, but I don't understand the reasoning behind this particular limitation.

 

 

Screen Shot 2022-08-02 at 11.59.19 AM.png

 

Reference: How to create a PKCS certificate profile (Microsoft Docs)

0 Replies