Intune SCEP – How to Get SSL Certificates

How to use Intune SCEP to get SSL certificates for your Intune managed devices
26 Aug 2023

Intune SCEP – How to Get SSL Certificates for Intune Managed Devices

Intune allows you to use SCEP certificates to authenticate your devices. This is a great way to secure your devices and to enable passwordless authentication for them. However, the process of getting these certificates can be a bit tricky. In this blog, we will go over how to get SSL certificates for your Intune managed devices. While this can be done for “free” with the ADCS SCEP connector, we value your time, so we will use EZCA, an Azure-based PKI solution.

Create an Azure-Based SCEP Certificate Authority for Intune in Minutes

With the ability to issue SCEP certificates for Intune, organizations can now use passwordless authentication for their VPN, network infrastructure and more, all without the need for a large on-premises infrastructure, thus eliminating the need for domain controllers, certificate authorities, hardware security modules (HSMs), certificate revocation list (CRL) servers, and SCEP servers.

By employing EZCA, Keytos’s Azure-based PKI solution, organizations can now easily and securely issue and manage SCEP certificates for Intune, all without needing a massive team for infrastructure maintenance and management. This lowers the typically high barriers of entry for organizations looking to go passwordless in a cloud-only environment.

Use EZCA to start issuing SSL certificates for Intune SCEP

How to Start Getting Intune SCEP Certificates

We know that you are chomping at the bit to start getting and issuing Intune SCEP certificates, so we wanted to share the necessary steps to get your Intune SCEP certificate distribution off the ground:

1) Register the Keytos application in your tenant and register the EZCA Intune application in your tenant. This enables EZCA to authenticate your users and check the certificate request status in Intune to issue certificates to your Intune managed devices.
2) Create your EZCA instance in Azure.
3) Once you have your EZCA instance, you are finally ready to create your Intune SCEP certificate authority!
4) Finally, create your Intune device profiles and start issuing secure Intune SCEP certificates to your users’ devices.

Yes, it is really that simple! Only four steps and you and your organization are Intune SCEP certificate issuing machines!

Replace Your Legacy ADCS with a Fully Cloud-Based Certificate Authority

Now that you have seen how easy it is to set up Intune SCEP with EZCA, we are happy to tell you that EZCA does not stop at Intune certificates. It totally replaces your existing on-premises ADCS CA by enabling you to achieve everything your legacy CA did without needing to worry about the tedious levels of maintenance and upkeep that it takes to run an effective PKI. In addition to issuing Intune SCEP certificates, EZCA can issue:

Domain Controller Certificates for Windows Hello for Business Hybrid

One of the most vital pieces of truly passwordless authentication and, frankly, of any modern IT stack is Windows Hello for Business. Windows Hello for Business gives users a convenient, passwordless way to authenticate to corporate resources. EZCA issues the domain controller certificates necessary for a Hybrid Key Trust Hello for Business deployment.

SSL Certificates for Internal Sites and Service-to-Service Authentication

EZCA helps organizations automate SSL certificate issuance via Azure Integrations while also enabling other modern certificate issuance methods such as local network ACME. This allows your engineers to use the tools they are familiar with for certificate lifecycle automation, which makes everyone happy.

Smartcard Certificates

If you are interested in issuing SCEP certificates to Intune devices, you are probably looking at other passwordless authentication methods as well such as Smartcards, authentication with Azure CBA, and even FIDO2 keys. EZCA connects to EZCMS, the first fully passwordless authentication onboarding tool for Azure, allowing your organization to smoothly transition from Intune SCEP to going fully passwordless.

Secure and Compliant

Security and compliance are the pillars of any reliable and effective identity management system, and we take that very seriously. EZCA was designed by ex-Microsoft PKI experts, and we follow all necessary protocols and procedures in order to secure our infrastructure and to meet (and exceed) global regulatory compliance standards. With EZCA, you can trust that your Azure-based PKI is being run as a world-class PKI with the highest level of security and compliance you can find.

Keytos is Here to Guide You on Your Quest to go Passwordless

Modernize all of Your PKI with EZCA

EZCA also offers other features in addition to issuing Intune SCEP certificates, such as automatic Azure application certificate rotation with Key Vault, Azure IoT one-click integration, ADCS CA management and local ACME integration. This makes EZCA, holistically, the best PKI solution for Azure.

Fully Passwordless Authentication with FIDO2, Smartcard and Phone Authentication

Our main goal at Keytos is to help organizations go fully passwordless. While we just went through how EZCA can help you by issuing SCEP certificates for your devices with Intune, one of the biggest hurdles for truly passwordless authentication is user onboarding. Learn how EZCMS can work with EZCA to help organizations go fully passwordless.

Completely Transparent Pricing Structure

Here at Keytos, we don’t believe in hidden fees or upcharging – we believe in making the world a more cyber secure place without needing to spend an arm and a leg to do so. We charge per CA for each of our three pricing plans – Basic, Premium and Private Infrastructure. To learn more about the differences between each of these tiers, check out the EZCA pricing page. With Keytos, what you see is what you get – the best product on the market at the best price.

Talk to a PKI Expert Today!

If you would like to learn more or talk to a PKI expert about setting up your own Intune CA, you can talk to a PKI expert for free at your earliest convenience!