What is the Best Microsoft Cloud PKI Alternative?

07 May 2024

In an era where digital transformation is more than just a buzzword, the spotlight shines brightly on the imperative need for advanced cybersecurity measures. With businesses across the globe rapidly pivoting to cloud-based operations, the demand for an Azure-based, cloud-native PKI has skyrocketed. This need is especially pronounced within Microsoft-centric environments, where security professionals yearn for a Microsoft Cloud PKI that not only meets but exceeds the basic requirements. Such a solution should effortlessly integrate with sophisticated features like OCSP and RADIUS, ensuring a robust security posture.

The anticipation surrounding the launch of Microsoft Intune’s PKI solution was palpable, rooted in the promise of seamless interoperability and enhanced security. However, this anticipation was met with a wave of disappointment from many corners of the cybersecurity world, as it became evident that the solution’s compatibility with diverse systems and applications was not as extensive as hoped. This shortfall underscored the pressing need for a Microsoft Cloud PKI solution that could truly bridge these gaps.

EZCA by Keytos emerges as the best alternative to Microsoft Intune PKI. It’s a beacon of hope, heralding a new era of PKI solutions. EZCA isn’t just another tool in the arsenal of cybersecurity; it’s a testament to Keytos’ understanding of the nuanced needs of modern digital infrastructures. Offering unparalleled compatibility, ease of use, and support for essential security features, EZCA stands out as the quintessential choice for organizations striving to fortify their digital environments. As we explore the myriad reasons why EZCA by Keytos reigns supreme in the realm of Microsoft Cloud PKI solutions, it’s clear that this is more than just a product; it’s a pivotal shift towards a more secure and interconnected digital future.

So, what’s everyone in the security community doing to work around these issues? Well, they’re doing what they’ve been doing for the past decade and relying on third-party PKI tools like EZCA to fill the gaps at an exceptionally affordable price point. The team at Keytos, composed predominantly of ex-Microsoft PKI engineers, built EZCA to do everything you’d expect the best Microsoft Cloud CA to do. Let’s take a look at some of the features and functionality offered within EZCA that simply aren’t possible with Intune PKI.

Non-Intune SCEP: Most notably, the announcement only talks about issuing certificates through Intune SCEP. The key omission here is that there is no indication that SCEP certificates that are not managed through Intune, such as network devices, will be supported. Not ideal. Luckily for you, EZCA is capable of managing non-Intune SCEP certificates!

Azure IoT Hub Integration: After Intune, the biggest use for certificates in Azure is Azure IoT Hub. Click here to see how millions of certificates are issued and used for authentication with our Azure IoT Hub CA.

OCSP: One of the most popular ways to monitor and manage certificates is the Online Certificate Status Protocol (OCSP). Unlike more traditional methods like CRLs, OCSP was designed specifically for retrieving the revocation status of individual certificates, making it much more efficient than its traditional counterpart. Just another core feature offered by EZCA not available with Intune PKI.

Smartcard Certificate Distribution: Not sure how they failed to include support for smartcards in the offering. In my humble opinion, this seems to be an egregious omission. Smartcards have been one of the most widely used authentication methods associated with CBA for, well, a long time. Microsoft themselves added Azure CBA support last year; however, this is only for single-factor certificates. They do not support the more secure version of smartcards, or YubiKeys for that matter.

ACME: Automated Certificate Management Environment, or ACME for short, is an exceptionally useful protocol designed to automate certificate issuance for web servers. Essentially, it allows for automated certificate deployment across web servers. The primary motivation behind leveraging ACME is to simplify the process of obtaining, renewing, and managing SSL/TLS certificates. Long story short, ACME has saved the Security Development and Engineering communities countless hours and headaches; having ACME support in a private CA is a must in this day and age.

Automated Certificate Rotation in Azure Key Vault: One of the best features in Azure is that Key Vault allows you to securely manage your certificates, and even push them to VMs. AKV has supported automated certificate rotation for DigiCert for over 5 years, and EZCA has similar functionality for private certificates.

While Microsoft’s Cloud PKI introduces a cloud-based solution for certificate management, its current configuration and feature set raise questions regarding its comprehensiveness and scalability, particularly in relation to server and IoT certificate management, OCSP support, smartcard integration, ACME protocol support and Azure Key Vault integration.

EZCA by Keytos offers a unique blend of simplicity, security, affordability, and efficiency. It’s tailored specifically for modern security engineers who need a reliable, easy-to-use cloud PKI solution with robust functionality at a reasonable rate. Choose EZCA for a streamlined, secure, and user-friendly experience that stands unmatched in the market. We invite you to look through our PKI documentation, YouTube Channel and the suggested reading below to learn more about how EZCA can help secure your data! If you’d like to arrange some time to speak with our team of Identity Experts, please click on the previous link and select a time that is convenient for you!

