
Intune Device Authentication Flow

Microsoft gives me the option to enroll a device only to Intune:


If I enroll the device to Intune a device certificate is created in the certificate store:


This certificate is signed by a generic intermediate CA called "Microsoft Intune MDM Device CA". As far as I know, this CA is not an organisation-specific certificate. One thing that left me wondering was how Intune determines that this device belongs to Organisation X and not to Organisation Y. Is the managed device id CN unique for every device in Intune? Or is the managed device id only unique for a specific organisation? Does the certificate contain some identifier that is unique to the organisation (e.g. one of the extensions; please refer to the Figure below)?


How does the device authenticate to Intune? How does Intune know, upon receiving the certificate, that the device belongs to organisation X and not to organisation Y?

1 Reply
Check out my new blog (wanted to publish it tomorrow.. but :) )
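The question above asks which fields of the Intune device certificate could carry an organisation-specific identifier. The PowerShell below is an added example for checking that on your own managed device; it is not code from the original post or from Microsoft. It enumerates certificates issued by "Microsoft Intune MDM Device CA" (the issuer name quoted in the question), prints the subject CN and validity, verifies the chain, and dumps every X.509 extension by OID with its decoded value, so the extensions can be compared across devices from different tenants. It assumes the device certificate lives in the local machine personal store (Cert:\LocalMachine\My); the function name, parameters and store path are the example's own choices.

```powershell
# Added example (not from the original post): list Intune device certificates and
# expose the fields the question asks about (subject CN, issuer, extensions).
# Assumption: the certificate is in Cert:\LocalMachine\My; override -StorePath if not.
function Get-IntuneDeviceCertInfo {
    [CmdletBinding()]
    param(
        [string]$StorePath   = 'Cert:\LocalMachine\My',
        [string]$IssuerMatch = 'Microsoft Intune MDM Device CA'
    )

    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Issuer -like "*$IssuerMatch*" } |
        ForEach-Object {
            $cert = $_

            # Subject CN (the managed device id the question mentions), stripped of "CN=".
            $cn = ($cert.Subject -split ',\s*' | Where-Object { $_ -like 'CN=*' }) -replace '^CN=', ''

            # Every X.509 extension by OID, with the decoded value. Comparing this list
            # across devices enrolled in different tenants shows whether any extension
            # differs per organisation rather than per device.
            $extensions = foreach ($ext in $cert.Extensions) {
                [pscustomobject]@{
                    Oid          = $ext.Oid.Value
                    FriendlyName = $ext.Oid.FriendlyName
                    Critical     = $ext.Critical
                    Value        = $ext.Format($false)
                }
            }

            [pscustomobject]@{
                Thumbprint    = $cert.Thumbprint
                SubjectCN     = $cn
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                NotBefore     = $cert.NotBefore
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey   # a device cert with no private key cannot authenticate
                ChainValid    = $cert.Verify()        # builds and validates the chain to the Intune CA
                Extensions    = $extensions
            }
        }
}

# Usage: one record per Intune device certificate, then its extensions as a table.
$certs = Get-IntuneDeviceCertInfo
$certs | Format-List Thumbprint, SubjectCN, Issuer, NotBefore, NotAfter, HasPrivateKey, ChainValid
$certs | ForEach-Object {
    $_.Extensions | Format-Table Oid, FriendlyName, Critical, Value -AutoSize -Wrap
}
```

Run it in an elevated session if the certificate sits in the machine store. The output does not by itself answer whether Intune keys tenancy on the CN or on an extension; it gives you the raw fields, so running it on devices from two different tenants and diffing the extension OIDs and values is the practical way to settle the question for your environment.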