Intune enterpriseenrollment.domain.com Certificate

Sarah 5 Reputation points
2023-01-18T07:33:48+00:00

Hi guys, currently I've a service running at enterpriseenrollment.domain.com. Due to a compliance requirement I had to go through an audit, and the auditor highlighted that my asset does not have a valid certificate installed on it.
When I visit the website via HTTPS, I am presented with the following:

Your connection is not private Attackers might be trying to steal your information from enterpriseenrollment.domain.com (for example, passwords, messages, or credit cards). Learn more 

I realise the error has to do with the certificate not matching.

I am aware that I need to add the subdomain to a SAN or issue a certificate to it, but how would I go about doing this, as this is a CNAME record that points to a Microsoft asset which I cannot configure?


1 answer

  1. Jordi Rojas 266 Reputation points
    2023-01-19T17:15:26.3433333+00:00

    If you have Intune MDM configured, then you are using the CNAME configuration recommended in that MS article.

    So, this service is out of the scope of the company audit. This enrollment service is in the Microsoft services, for its MDM enrollment service.

    If you have your own service running on that URL, I recommend moving that service to another DNS, and leaving the CNAME only for the MS MDM purposes.

    CNAME EnterpriseEnrollment.contoso.com EnterpriseEnrollment-s.manage.microsoft.com 1 hour

    https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enroll

    1 person found this answer helpful.
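
An added example, not written by anyone in this thread and not Microsoft's code: Python that classifies the name-mismatch finding by comparing the served certificate's SAN entries with the host name and checking whether the CNAME points at the Intune target quoted in the answer. The function names, result labels and sample SAN values are assumptions constructed for illustration, and the CNAME target is passed in by the caller from a separate DNS lookup.

```python
import socket
import ssl
from typing import Optional

# CNAME target quoted in the answer above (compared case-insensitively).
INTUNE_TARGET = "enterpriseenrollment-s.manage.microsoft.com"

# Constructed sample in ssl.getpeercert() shape; SAN values are illustrative only.
SAMPLE_CERT = {"subjectAltName": (("DNS", "*.manage.microsoft.com"),)}


def fetch_cert(hostname: str, port: int = 443) -> dict:
    """Fetch the served certificate. The chain is still verified; only the
    host name check is skipped so a mismatching certificate can be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def san_matches(hostname: str, san: str) -> bool:
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return len(host) > 2 and host[1:] == pattern[1:]
    return host == pattern


def triage(hostname: str, cname_target: Optional[str], cert: dict) -> str:
    """Classify the finding; the labels are hypothetical names for this example."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if any(san_matches(hostname, s) for s in sans):
        return "valid-name"
    if (cname_target or "").lower().rstrip(".") == INTUNE_TARGET:
        # TLS terminates on Microsoft's endpoint, so the tenant cannot swap the certificate.
        return "mismatch-on-intune-cname"
    return "mismatch-on-own-service"


if __name__ == "__main__":
    print(triage("enterpriseenrollment.contoso.com",
                 "EnterpriseEnrollment-s.manage.microsoft.com", SAMPLE_CERT))
```

For a live check, pass the result of `fetch_cert(hostname)` as `cert` instead of the constructed sample.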