Intune Device Authentication Flow

Copper Contributor

Microsoft gives me the option to enroll a device only in Intune:

[Image: IntuneAuthentication_0-1658332453293.png]

If I enroll the device in Intune, a device certificate is created in the certificate store:

[Image: IntuneAuthentication_3-1658332726671.png]

This certificate is signed by a generic intermediate CA called "Microsoft Intune MDM Device CA". As far as I know, this CA is not an organisation-specific certificate. One thing that left me wondering was how Intune determines that this device belongs to Organisation X and not to Organisation Y. Is the managed device ID in the CN unique for every device in Intune? Or is the managed device ID only unique within a specific organisation? Does the certificate contain some identifier that is unique to the organisation (e.g. one of the extensions; please refer to the figure below)?

[Image: IntuneAuthentication_6-1658332804541.png]

How does the device authenticate to Intune? How does Intune know, upon receiving the certificate, that the device belongs to organisation X and not to organisation Y?
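The question above asks whether anything in the MDM device certificate ties it to a tenant. One way to check that on an enrolled device, as an added example that is not part of the original post or of the blog linked in the reply: dump the certificate issued by "Microsoft Intune MDM Device CA" from the local machine store, list every X.509 extension with its OID and decoded value, and compare those values against the tenant ID that `dsregcmd /status` reports. The script assumes the certificate sits in `Cert:\LocalMachine\My` and that `dsregcmd` prints a `TenantId :` line (both hold on a typical Azure AD-joined or registered Windows 10/11 device); it makes no claim about which extension, if any, carries the tenant ID, it only reports what it finds.

```powershell
# Added example (not from the original post or the linked blog).
# Inspect the Intune MDM device certificate and check whether the Azure AD tenant ID
# shows up anywhere in its subject or extensions.
# Assumptions: certificate is in Cert:\LocalMachine\My; dsregcmd /status prints "TenantId : <guid>".

$issuerFilter = 'CN=Microsoft Intune MDM Device CA'

# Pick the newest certificate chained to the Intune MDM Device CA
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*$issuerFilter*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    Write-Warning "No certificate issued by '$issuerFilter' found in LocalMachine\My."
    return
}

"Subject    : $($cert.Subject)"
"Issuer     : $($cert.Issuer)"
"Thumbprint : $($cert.Thumbprint)"
"Valid      : $($cert.NotBefore) -> $($cert.NotAfter)"
""

# Tenant ID from the device registration state; empty if the device is not AAD joined/registered
$tenantId = (dsregcmd /status | Select-String '^\s*TenantId\s*:\s*(\S+)').Matches |
    ForEach-Object { $_.Groups[1].Value } |
    Select-Object -First 1
"dsregcmd TenantId : $tenantId"
if ($tenantId -and $cert.Subject -match [regex]::Escape($tenantId)) {
    "  (tenant ID appears in the certificate subject)"
}
""

"Extensions:"
foreach ($ext in $cert.Extensions) {
    $oid  = $ext.Oid.Value
    $name = if ($ext.Oid.FriendlyName) { $ext.Oid.FriendlyName } else { '(no friendly name)' }

    # Format() decodes well-known extensions; unknown OIDs come back as hex, so also try
    # an ASCII view of the raw DER bytes in case a private extension carries a plain string.
    $text  = try { $ext.Format($false) } catch { ($ext.RawData | ForEach-Object { $_.ToString('x2') }) -join '' }
    $ascii = [System.Text.Encoding]::ASCII.GetString($ext.RawData)

    $hit = ''
    if ($tenantId -and (($text -match [regex]::Escape($tenantId)) -or ($ascii -match [regex]::Escape($tenantId)))) {
        $hit = '  <== contains dsregcmd TenantId'
    }

    "  {0,-28} {1,-26} critical={2}" -f $oid, $name, $ext.Critical
    "      $text$hit"
}
```

Run it in an elevated PowerShell on the enrolled device. Any extension flagged with `<== contains dsregcmd TenantId` is a candidate for the per-organisation identifier the question asks about; an unflagged run means the tenant ID is not present as a plain GUID string in the subject or extensions, and the binding to the tenant must come from somewhere else (for example the device record the service keeps for the CN), which this local check cannot see.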

1 Reply
Hi.
Check out my new blog (I wanted to publish it tomorrow, but :) ):

https://call4cloud.nl/2022/07/the-tenantid-from-toronto/