
How To Create an Azure Based Certificate Authority for Intune

How to create Intune SCEP Certificate Authority In Azure
31 Jan 2023

Create an Azure Based Certificate Authority for Intune In Minutes with EZCA

For many years, users have been asking for an Azure-based PKI that can issue SCEP certificates for Intune. Today we are happy to announce that our Azure-based CA can now issue SCEP certificates for Intune.

With this integration, organizations can now use passwordless authentication for their Virtual Private Network (VPN), network infrastructure, and more, without the need for a large on-premises infrastructure. This includes eliminating the need for domain controllers, certificate authorities, hardware security modules (HSMs), certificate revocation list (CRL) servers, and SCEP servers.

Intune SCEP Connection Diagram

By leveraging Keytos’s Azure-based PKI solution, organizations can now easily and securely issue and manage SCEP certificates for Intune, without the need for a large team to maintain and manage their infrastructure. This aligns with Keytos and Microsoft’s shared vision of allowing organizations to go fully passwordless in a cloud-only environment, democratizing cybersecurity by lowering the barriers to entry and enabling organizations to have a secure and compliant infrastructure without the need for a large team to maintain it.

What is SCEP

Before we get started, we must understand what Simple Certificate Enrollment Protocol (SCEP) is. SCEP is a certificate enrollment standard that enables devices to obtain certificates by using a key provided by a third party. The Certificate Authority (CA) must be able to communicate with this trusted third party (in this case Intune) to validate that the key provided by the device is allowed to request a certificate.

Getting Started

We bet you are as excited as we are for this new integration, so we wanted to share with you the necessary steps to get your Intune SCEP certificate distribution up and running:

1) Register the Keytos Application in your Tenant and Register the EZCA Intune Application in your Tenant. This will allow EZCA to authenticate your users and check the certificate request status in Intune to issue certificates to your Intune-managed devices.
2) Create your EZCA Instance in Azure.
3) Once you have your EZCA instance, you are ready to create your Intune CA.
4) Finally, create your Intune device profiles and start issuing secure certificates to your users’ devices.

How Intune Issues SCEP Certificates using an Azure CA

Secure and Compliant

At the heart of any reliable identity management system lies security and compliance. That’s why we take these pillars seriously. While it may be easy to set up and connect EZCA to Intune, you can rest assured that we take the necessary steps to secure our infrastructure and meet and exceed worldwide regulatory compliance standards. With EZCA, you can trust that your Azure PKI is being run as a world-class PKI with the highest level of security and compliance.

Keytos Is Here For Your Passwordless Journey

Modernize All Your PKI with EZCA

While in this blog we only talk about the new Intune integration, EZCA also offers other features that make it the best PKI solution for Azure customers, such as our automatic Azure application certificate rotation with Key Vault, Azure IoT (Internet of Things) one-click integration, ADCS CA management, and local ACME integration.

Full Passwordless Authentication With FIDO2, SmartCard and Phone Authentication

Our main goal at Keytos is to help organizations go fully passwordless. While we just saw how EZCA can help you by issuing SCEP certificates for your devices with Intune, one of the biggest hurdles for passwordless authentication is user onboarding. Learn how EZSmartCard can work with EZCA to help organizations go fully passwordless.

Let Us Help

If you would like to learn more or talk to a PKI expert about setting up your own Intune CA, you can Talk to a PKI expert for FREE. We are here to help you on your passwordless journey, and ensure that your PKI is set up properly and securely.