certificate
5 Topics

Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2
Hi, Way back in May, when update KB5014754 broke cert auth for so many orgs, it was identified that whilst RPC auto-enrolled certificates will get the new required OID, the Intune certificate connector can't do the same. As the timeline on the KB (https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16) states that enforcement will happen from updates released on February 14th 2023, is there any indication that a fix will be deployed for the Intune certificate connector ahead of that time? We have many customers using Intune enrolled certificates to authenticate for AOVPN, WiFi and more, which will stop working once this change is enforced. February doesn't seem like a long time away when a solution likely means needing to get the connectors updated and other possible changes.

9.3K Views | 0 likes | 11 Comments

Intune PKCS Certificate does not get installed on Client
Hi, I am testing the deployment of a user certificate via Device Configuration Policy (Windows 10 - PKCS certificate). Now, the certificate is requested, and in the logs of the CA, I see that the PKCS request was successful. I can also see the requested certificate for the user on the Configuration Profile under "Certificates." Soon, I realize that the report shows an error without an error code, and the certificate is not installed. After waiting for a couple of hours, I notice that Intune reports success, and the certificate is installed. It seems that Intune retrieves the certificate very quickly, within a couple of minutes, but then cannot install it on the client immediately. Instead, it attempts installation again after a couple of hours, where it succeeds. The client remains connected to the network throughout. Is this normal behavior, or am I missing something?

2K Views | 0 likes | 1 Comment

iOS: SCEP Enrollment - Certificate Renewal
Dear Community, We successfully created a SCEP Policy to push certificates to our iOS devices. It uses an on-premises NDES Server and Microsoft PKI (via Azure Application Proxy). Certificates have a lifetime of 1 year. Does anyone know if Intune automatically starts a renewal process before the expiration date? I received information from one consultant that they are not automatically renewed. But this would mean I have to manually monitor each expiration date and somehow trigger the renewal. Can't imagine that this is the desired behaviour. Thanks a lot, Chris

Solved | 4.9K Views | 0 likes | 4 Comments

Deploy a cert
Dear community members, We are using Intune to deliver a couple of certs to the mobile devices. We did both Root and Intermediate certs using Device Configuration Profile with Trusted Cert option, which worked on both iOS and Android.

Then it comes to an application cert, with .cer extension. It is a certificate that is required by an app on the mobiles (which is also published by Intune) that it uses to authenticate with its cloud service. We need to get this certificate on to the mobile phones. The certificate name started with a wildcard *.xxx.mycompanydomain, with multiple URLs inside the cert.

At first, we didn't know which options should be used, whether it is Trusted Cert, PKCS, Imported PKCS, SCEP, etc. So we started to deploy this app cert using Trusted Certificate option. The certificate installed on the iOS but it didn't install on the Android. And we tried both Android Enterprise with Work Profile and the fully managed Android, neither worked.

Then we looked at the other cert options, such as PKCS and SCEP. They require complex infrastructure setup and don't look like the right option to go, given we are only deploying this static app cert, which is the same for every single device. It feels like the same deal as the root cert, just needs to be present on the mobiles.

Does anyone have similar experience? Is there anything we are doing wrong deploying the cert to the Android device? Does the name of the cert starting with a wildcard matter? Thanks all.

1.3K Views | 0 likes | 1 Comment

Android PKCS
Hello. We have a problem with PKCS deployment to Android devices from Intune Standalone. It looks like Intune only pushes the ROOT certificate to the device. The PKCS policy is marked green and the certificate is generated on the CA server, and the logs/files on the NDESConnector server are saying that upload and everything worked OK. I tried an older Android OS in the NOX emulator; on this device I get notices that I have security credentials to import, one for the ROOT and one for the USER certs. Is it even possible to deploy a PKCS cert to Android devices? How did you configure the policies in order to get it to work? I have tried to change almost everything in the policy but can't get it to work. And all internet guides ain't giving me any good suggestions.

2.6K Views | 0 likes | 2 Comments