cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2

Peter Holland
Iron Contributor

‎Dec 20 2022 01:46 AM

‎Dec 20 2022 01:46 AM

Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2

Hi,

Way back in May when update KB5014754 broke cert auth for so many orgs it was identified that whilst RPC auto-enrolled certificates will get the new required OID the Intune certificate connector can't do the same.

 

As the timeline on the KB (https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-wind...) states that enforcement will happen from updates released on February 14th 2023 is there any indication that a fix will be deployed for the intune certificate connector ahead of that time?

 

We have many customers using intune enrolled certificates to authenticate for AOVPN, WiFi and more which will stop working once this change is enforced.

 

February doesn't seem like a long time away when a solution likely means needing to get the connectors updated and other possible changes.

4,500 Views
0 Likes
6 Replies
Reply
6 Replies
Kinngen

‎Feb 14 2023 12:31 AM

‎Feb 14 2023 12:31 AM

Re: Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2

@Peter Holland 

 

Hi,

 

Any update on the way?

0 Likes
Reply
Peter Holland

‎Feb 20 2023 02:43 AM

‎Feb 20 2023 02:43 AM

Re: Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2

guessing this may be part of the reason the final change has been pushed back to October/November.

would be good to get some information on the planned change and whether there is a preview that could be signed up for. Lots of our customers would like to get in on that.
0 Likes
Reply
Cristian_Turcu_

‎Mar 31 2023 05:51 AM

‎Mar 31 2023 05:51 AM

Re: Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2

Is there any official update/roadmap for this issue ?
0 Likes
Reply
Peter Holland

‎Apr 20 2023 04:02 AM

‎Apr 20 2023 04:02 AM

Re: Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2

good find.
hopefully it trickles down.
slight concern that it states a preview build of Windows Server needed. hopefully it won't end up needing a CA upgrade to work!
0 Likes
Reply
Cristian_Turcu_

‎Nov 15 2023 05:21 AM

‎Nov 15 2023 05:21 AM

Re: Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2

Just updated Intune PKCS certificate configuration to add SAN attribute UPN with value {{UserPrincipalName}} and bang: authentication works. It seems that KB5014754 add the requirement to have SAN attribute that contain the UPN in the certficate, but I didn't find any reference for this. This will work until the full enforcement will be in place February 11, 2025. Still waiting for a solution to provide strong certificates to users via Intune.
0 Likes
Reply