Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
Whitepaper: Securing and Hardening NDES for Microsoft Intune and System Center Configuration Manager
Published Sep 08 2018 06:22 AM 4,897 Views

First published on CloudBlogs on Apr 06, 2015
We have just published a new whitepaper that describes best practices for securing and hardening the Network Device Enrollment Service (NDES) server role for use with Microsoft Intune and System Center Configuration Manager .  Deploying certificates via the Simple Certificate Enrollment Protocol (SCEP) ensures that unique private keys are kept on mobile devices and are not accessible by other systems, services, or personnel. These keys can be further protected by using Trusted Platform Modules (TPMs) on Windows or Windows Phone, and by detecting and blocking jailbroken iOS devices or rooted Android devices to ensure the keys are not being exported.  Microsoft’s policy module technology ensures that the SCEP protocol can be used securely for distributing certificates to Internet-facing mobile devices. This whitepaper details how the policy module secures certificate deployment through NDES as well as best practices for how to secure NDES behind a reverse proxy such as Windows Server 2012 R2 Web Application Proxy or Azure Active Directory Application Proxy. Download the whitepaper You can also find additional resources here:

- Chris Green, Senior Program Manager

1 Comment
Version history
Last update:
‎Jan 23 2023 01:59 PM
Updated by: