Certificates & Intune

When planning to deploy certificates with Intune, there will be two obvious questions that will pop up:

* Do I need to deploy a user certificate or a device certificate?
* What can I do with these certificates?

The most common scenarios include network authentication using a device or user certificate, such as authentication to the VPN, corporate Wi-Fi or corporate LAN. You can also use these certificates for signing and encrypting emails.

Some Basics first...

Access to any application has to go through two steps:

Think of those conventional times when users were required to enter their credentials to authenticate to corporate connections or resources. Certificate-based authentication makes this more secure and seamless, as users are no longer required to provide their credentials every time they authenticate.

Using Intune, you can deploy two types of certificates, i.e., Simple Certificate Enrollment Protocol (SCEP) and Public Key Cryptography Standards (PKCS). 

SCEP or PKCS? Both have their own advantages and disadvantages, so please discuss this thoroughly within your teams/organization to decide which one to configure and deploy.

However, there are certain pre-requisites before you deploy the SCEP or PKCS certificate(s); you should have:

Once a trusted root certificate is deployed, you can deploy certificate profiles to provide users and devices with certificates for authentication. 

Supported platforms for deploying certificate profiles

  1. Android Device Administrator (Legacy)
  2. Android Enterprise – Fully Managed (Device Owner)
  3. Android Enterprise – Dedicated (Device Owner)
  4. Android Enterprise – Corporate-Owned Work Profile
  5. Android Enterprise – Personally-Owned Work Profile
  6. Android (AOSP)
  7. macOS
  8. iOS/iPadOS
  9. Windows 10/11
