Time To Upgrade the Certificate Connector!

If your certificate connector is still on a version earlier than 6.2101.13.0, now is the right time to upgrade it: from today onwards, those versions are deprecated and will not be able to issue certificates to your devices.


If you have a certificate connector configured, then you might be leveraging its functionality for issuing & revoking:

In July’21, Microsoft published the lifecycle policy for certificate connectors, and as per Microsoft:

  1. Each new connector release will be supported six months after its release date. During this period, automatic updates can install a newer connector version (depending upon your network configuration).
  2. If an out-of-support connector fails, it must update to the latest supported version.
  3. If automatic updates of the connector are blocked, the manual update of the connector will be required within six months before support for the installed version ends.
  4. Connectors out of support will continue functioning for up to 18 months after their release date. After 18 months, a connector’s functionality might fail due to service level improvements, updates, or addressing common security vulnerabilities that might surface in the future.

The Unified Certificate Connector replaces the three separate certificate connectors for SCEP, PKCS and imported PKCS. Previously, the Intune portal offered three different connectors for download, namely SCEP, PKCS and PFX imported.

You just need to download and configure the new unified certificate connector, enabling multiple capabilities from a single connector. 


Check the version installed in your environment:

You can verify the version of the connector from the server on which it is installed.

This screenshot shows that the connector version is deprecated, which is why the MEM portal status shows an error.


Prerequisites for the Certificate Connector for Microsoft Intune:

Before installing and configuring the Certificate Connector for Microsoft Intune, let’s review the prerequisites and infrastructure requirements. These prerequisites can vary depending on the features you want to configure. However, the general requirements are as below:

Please refer to the Prerequisites for using the Certificate Connector for Microsoft Intune – Azure | Microsoft Docs for detailed permissions and requirements for the connector. 

Let’s get the ball rolling then. 


Uninstall the Deprecated Connector:


Download the Latest Connector:


Configure Intune Certificate Connector:

To configure the certificate connector, use the Certificate Connector for Microsoft Intune wizard. The configuration will start automatically if you choose to Configure Now in the previous step, or you can manually launch it by opening an elevated command prompt and running the below command:


Verify the New Connector:

The quickest way to verify is to check the SCEP URL. All is set if it returns the expected HTTP 403 error!
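The check described above, as an added PowerShell example (not from the original post and not Microsoft's own code): it compares a connector version you read from the server against 6.2101.13.0 and confirms that the SCEP URL answers with HTTP 403. The function name, the sample host and the `/certsrv/mscep/mscep.dll` path are assumptions; substitute your own NDES URL and installed version.

```powershell
# Added example: post-upgrade check for the certificate connector.
# Nothing is read from Intune or from the connector; both inputs are supplied by you.
function Test-ConnectorUpgrade {
    [CmdletBinding()]
    param(
        # Full SCEP URL of your NDES server (assumption: the usual NDES path,
        # https://<ndes-fqdn>/certsrv/mscep/mscep.dll).
        [Parameter(Mandatory)] [uri] $ScepUrl,
        # Connector version as shown on the server where it is installed.
        [Parameter(Mandatory)] [version] $InstalledVersion,
        # Versions earlier than this one are deprecated, per the post.
        [version] $MinimumVersion = '6.2101.13.0'
    )

    # 1. Version gate: anything below the minimum can no longer issue certificates.
    $versionOk = $InstalledVersion -ge $MinimumVersion

    # 2. SCEP URL probe: HTTP 403 is the expected answer.
    $status = $null
    try {
        $resp   = Invoke-WebRequest -Uri $ScepUrl -UseBasicParsing -TimeoutSec 15
        $status = [int]$resp.StatusCode
    }
    catch {
        # Non-2xx answers are thrown as errors; the status code sits on the
        # exception's Response object (Windows PowerShell 5.1 and PowerShell 7).
        $errResp = $_.Exception.Response
        if ($null -ne $errResp) {
            $status = [int]$errResp.StatusCode
        }
        else {
            # DNS, TLS or connection failure: no HTTP answer at all.
            Write-Warning "No HTTP response from ${ScepUrl}: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        InstalledVersion = $InstalledVersion
        VersionSupported = $versionOk
        ScepHttpStatus   = $status
        ScepCheckPassed  = ($status -eq 403)
        Healthy          = ($versionOk -and $status -eq 403)
    }
}

# Constructed sample values; replace both with your own.
Test-ConnectorUpgrade -ScepUrl 'https://ndes.example.com/certsrv/mscep/mscep.dll' -InstalledVersion '6.2101.13.0'
```

A `ScepHttpStatus` other than 403 (or an empty one) means the SCEP endpoint is not answering as expected, even if the version check passes.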

The connector status should also show as active and healthy in the MEM Portal, indicating a successful upgrade.

Once you verify that all the services are running fine, delete the old connector from the Intune portal.


That’s all for today. Hope you will find this post useful!
