SCEP (Simple Certificate Enrollment Protocol) can be used in conjunction with Microsoft Intune, a cloud-based endpoint management solution, to facilitate the deployment and management of digital certificates on devices managed by Intune. As always, it’s never a bad idea to go directly to the source, so here’s a link to what Microsoft has published (June 2023) about Intune SCEP Configuration. You can also explore our detailed notes on how SCEP works with Intune:
Intune starts the certificate creation workflow by sending a challenge to the client device. The device then creates a private key and a Certificate Signing Request (CSR) and sends the CSR, together with the challenge, to EZCA. EZCA then validates with Intune whether this request is valid. Once Intune approves the request, EZCA creates the certificate and Intune installs the resulting certificate on the device.
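The validation step in the workflow above is what stops an arbitrary client from obtaining a certificate, so it is worth seeing what a CA has to refuse. The following is an added example, not code from Intune or EZCA: the HMAC-signed challenge format, the expiry, single-use and subject checks, and the names `IntuneModel` and `ca_handle_request` are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets, time

# Simplified model (assumed token format, not Intune's real challenge or API).
class IntuneModel:
    """Stand-in for Intune: issues challenges and answers the CA's validation call."""
    def __init__(self):
        self._key = secrets.token_bytes(32)   # signing key known only to this service
        self._used = set()                    # nonces of challenges already redeemed

    def issue_challenge(self, device_id, subject, ttl=3600, now=None):
        now = time.time() if now is None else now
        body = json.dumps({"dev": device_id, "sub": subject,
                           "exp": now + ttl, "nonce": secrets.token_hex(8)},
                          sort_keys=True)
        mac = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + mac

    def validate(self, challenge, csr_subject, now=None):
        now = time.time() if now is None else now
        body, _, mac = challenge.rpartition(".")
        good = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac.encode(), good.encode()):
            return "reject: challenge not issued by Intune"
        claims = json.loads(body)
        if now > claims["exp"]:
            return "reject: challenge expired"
        if claims["sub"] != csr_subject:
            return "reject: CSR subject differs from the profile"
        if claims["nonce"] in self._used:
            return "reject: challenge already used"
        self._used.add(claims["nonce"])
        return "ok"

def ca_handle_request(intune, csr, challenge, now=None):
    """Stand-in for the CA: issue only after Intune approves the request."""
    verdict = intune.validate(challenge, csr["subject"], now)
    if verdict != "ok":
        return None, verdict
    return {"subject": csr["subject"], "public_key": csr["public_key"]}, verdict

if __name__ == "__main__":
    intune = IntuneModel()
    csr = {"subject": "CN=device-01", "public_key": "constructed-sample"}
    ch = intune.issue_challenge("device-01", "CN=device-01")
    print(ca_handle_request(intune, csr, ch)[1])   # first use of the challenge
    print(ca_handle_request(intune, csr, ch)[1])   # replay of the same challenge
```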
By using Intune SCEP, organizations can leverage the certificate management capabilities of SCEP while using Intune’s comprehensive device management and security features. This allows for centralized management, automation, and enforcement of certificate policies across devices managed by Intune. It simplifies the deployment and renewal of certificates on a large scale, ensuring devices have the necessary credentials for secure communication and authentication within the organization’s infrastructure.
Over the past couple of years, it has become increasingly easy to set up your own PKI with EZCA. In just a few minutes, you can have your own private certificate authority up and running. Don’t believe us? Take a look at this article titled “How to Create a Secure Certificate Authority In Azure”. Yes, it’s really that simple!
As always, if you’re looking for more formal, detailed directions on how exactly everything works, take a look at our documentation section or our YouTube channel. We’d truly appreciate your feedback!