This article describes a configuration example of the SCEP protocol with Azure Intune in Protocol Gateway.
The following prerequisites apply:
Configure Intune for device certificate enrollment
To authorize communication between Protocol Gateway and Azure Intune, you need to create a new app registration in your company's Azure portal.
To allow Windows 10 devices to enroll using Intune, Microsoft Intune Mobility MDM (Mobile Device Management) must be enabled.
To establish the necessary certificate trust stores for the devices to successfully enroll with Intune, the following Trusted certificate profiles need to be configured:
Follow this guide to configure each of the trusted certificate profiles:
A SCEP Certificate Profile needs to be created for Intune to know how the end user certificate should be defined and which CA to deliver the CSR to.
Configure Protocol Gateway SCEP for Intune
To set the properties for the SCEP protocols:
Enroll Windows 10 device
See the following Microsoft guide on how to enroll Windows 10 devices: https://docs.microsoft.com/en-us/mem/intune/enrollment/quickstart-enroll-windows-device.