We love Microsoft, but let’s be real for a second: they don’t always deliver on their promises. For example, if you decided to listen to Microsoft from years ago and wait for them to release their CA for Intune, you would have to pray that scientists discover time travel so you can skip ahead 100 years to get it – and even then you’d be rolling the dice on it actually being ready to release. In the meantime, Microsoft recommends that organizations seeking an Intune CA use EZCA, the first cloud-based CA solution for Azure ever created, citing EZCA by Keytos as one of their approved third-party CA partners, a glowing endorsement.
So now you’re probably wondering, “that’s great and all, but where can I learn how to set up an Intune CA with EZCA?” You’re in the right place! Let’s jump in, shall we?
Did you know that as of January 2023, EZCA can issue SCEP certificates for Intune? This awesome integration lets organizations use phishing-resistant authentication for VPNs, network infrastructures and more without needing a large on-prem infrastructure – with EZCA, long gone are the days of maintaining on-premises infrastructures! You can check out our documentation on how to issue SCEP certificates for Intune to learn more, but the gist of it is that this integration eliminates the typical on-premises needs: CAs, HSMs, CRL servers, OCSP, and SCEP servers. What a time to be implementing PKI!
EZCA completely modernizes your CA setup, moving away from a traditional on-premises Microsoft CA. This shift means that you can carry out all the tasks that your old CA handled without the stress of maintaining and managing a robust PKI.
EZCA’s capabilities extend beyond just issuing Intune SCEP certificates – it also provides domain controller certificates essential for Windows Hello For Business Hybrid, SSL certificates for securing internal websites and facilitating service-to-service authentication, and smartcard certificates. Learn more about how to create an Azure-based CA for Intune here.
To quote the legendary Bruce Buffer, “Ladies and gentlemen, this is the main event of the evening! … It’s time!” What time is it, though? It’s time to learn how to set up an Intune CA with EZCA! All you need to do is follow these 4 simple steps:
1) Register the Keytos app in your tenant and then register the EZCA Intune app in your tenant. By doing so, you will allow EZCA to authenticate your users and verify the status of your certificate request in Intune, thus allowing it to then issue said certificates to your Intune managed devices.
2) Set up your EZCA instance in Entra.
3) Make your Intune CA.
4) Set up your Intune device profiles and begin sending secure certs to your users’ devices!
We understand that compliance and security are key components of any reputable security tool, which is why we went above and beyond to not just follow identity and security best practices but to meet and exceed international regulatory compliance standards. When using EZCA, you can rest assured that your Intune CA is being run as a top-rate CA with the greatest level of security and compliance that you will find anywhere on the market.