At Keytos, we understand that security is a top priority for your organization. That is why we have developed a powerful and easy-to-use PKI solution that is built specifically for Microsoft Azure. While both SCEPman and EZCA can be quickly setup and issue intune certificates in minutes, EZCA does not just stop at issuing Intune certificates. Our native Azure PKI integrations make EZCA is a full PKI solution that can replace your on-premises ADCS Certificate Authority.
EZCA SaaS offering makes it easy to create an Intune CA in minutes, watch the video below to see it in action. Deploy yours by following our documentation.
EZCA + EZRADIUS SaaS offerings makes it easy to fully migrate your network authentication to the cloud, by offering a cloud PKI and RADIUS service, Keytos allows you to fully remove your on-premisses infrastructure and secure your network with Azure based services.
EZCA completely replaces your on premises ADCS CA by allowing you to achieve all the functions that your legacy CA did, without needing to worry about the maintenance and upkeep that it takes to run a highly available PKI. In addition to Intune SCEP certificates, EZCA can issue the following certificate types:
One of the key components of passwordless authentication and any modern IT stack is Windows Hello for Business. It gives users a convenient passwordless way to authenticate to corporate resources. EZCA creates the domain controller certificates required for Hybrid Key Trust Hello For Business deployment
When EZCA was created, the main goal was to help organizations automate the issuance of SSL certificates for all scenarios. We do this via Azure Integrations in addition to enabling other modern certificate issuance methods such as local ACME enabling your engineers to use the tools they are familiar with for certificate lifecycle automation.
If you are looking at issuing SCEP certificates to intune devices, you are also probably looking at other passwordless authentication methods such as Smart Cards, authentication with Azure CBA, and perhaps even FIDO2 keys. EZCA connects to EZSmartCard the first fully passwordless authentication onboarding tool for Azure.
Secure and Compliant While ease of use and quick setup are important factors for a PKI solution, ensuring security and compliance is paramount. EZCA is a globally trusted PKI solution that prioritizes security by adopting industry-leading measures to secure our infrastructure. Our team of experts constantly monitor and update our systems to ensure that they meet the highest security standards. Additionally, our PKIaaS offering's high availability SLA allow your team to focus on other pressing security issues while your CAs will automatically be updated and secured.
PKI Expertise and Guidance Creating a new Certificate Authority can be an intimidating process, our team of PKI experts will be with you every step of the way, When you book your first EZCA demo, a PKI expert will join the call and guide you through the whole process. Additionally, this same expert will be available to answer any questions you may have as you continue your PKI planning, ensuring you are following best practices.
Security that Meets Your Needs EZCA offers a range of plans designed to meet your security needs. Our Basic CA plan enables secure certificate issuance for most organizations, while our advanced plans offer additional features that can help you meet more stringent security requirements. These features include FIPS 140-2 Level 3 HSMs, private infrastructure options, bring-your-own-infrastructure, and bring-your-own-HSM options. Whether you are a small business or a large enterprise, EZCA has a plan that can meet your unique security needs.
Comprehensive Passwordless Solution Keytos offers a complete suite of tools to help you achieve full passwordless security with Entra ID. With Keytos, you have a single, trusted provider for all your needs, including cloud certificates, RADIUS authentication, FIDO2 and Smartcard management, and SSH access management—all in one place.
Cloud-Based Convenience One of the key benefits of moving to the cloud is freedom from managing your own infrastructure. The entire Keytos toolset is hosted on your behalf, meaning that Keytos ensures the availability and scalability of your deployment. Say goodbye to late-night troubleshooting calls and server restarts—Keytos has you covered.
Feature | SCEPMan | EZCA |
---|---|---|
SCEP | ||
Intune SCEP Connection | ||
Bring your Own Infrastructure | ||
Domain Controller Certificate Support | ||
Hybrid Windows Hello for Business | ||
OCSP | ||
Azure Key Vault Integration for Leaf Certificates | ||
CRL Support | ||
Entra ID App Certificate Rotation | ||
SaaS Offering | ||
SOC2 Compliant | ||
ACME Support | ||
Public CA Certificate Management | ||
SSH Certificate support | ||
Azure IoT Integration | ||
FIDO2 and Smartcard management | ||
SSH Access management | ||
Cloud RADIUS |
When evaluating certificate management solutions, it's essential to consider both the cost and the features offered. SCEPMan offers two versions: the Community Version, which is advertised as "free" with no licensing the only costs are for the Azure resources consumed, and the Enterprise Version for those seeking support, intermediate CAs, geo-redundancy, certificate management, or certificates for Domain Controllers for Hybrid hello for business authentication. The Enterprise version has a cost per user per month (for example a 400 user deployment will cost 295 Euros plus the Azure infrastructure expenses). On the other hand, Keytos EZCA provides a straightforward pricing model at $200 per month for each CA, including all infrastructure, user management, redundancy, support, and more. It's worth noting that while the costs of these solutions might initially seem high, such as $200 monthly just for issuing certificates, they can be more cost-effective and significantly simpler than managing the infrastructure they replace, like ADCS, CRL, and NDES, in Azure VMs.