What is the benefit of using SCEP with Intune.

Question

What is the benefit of using SCEP with Intune.

brichardi 361

Hello Intune Guru.

I have a question about secure intune. I have seen some organizations using SCEP in combination with Intune MDM. What is the benefit of using SCEP withe Intune?

Also, my organization thinking about creating Intune Autopilot to enroll Windows 11. Since 95% of our security settings in on GPOs, and Intune policies is not the same as GPO. How can we apply the same security settings from GPO to Intune MDM Autopilot devices.

Thanks for your help.

2 answers

Your answer

Answer 1

SCEP (Simple Certificate Enrollment Protocol) is a protocol that allows devices to securely enroll for and retrieve digital certificates. When used with Microsoft Intune, SCEP can provide the following benefits:

Securely provision and manage device certificates for Wi-Fi, VPN, email, and other services
Easily revoke and replace lost or compromised certificates
Automate the enrollment process for devices, reducing the need for manual intervention
Provide a secure way for devices to authenticate to corporate resources

Overall, SCEP allows for secure and automated management of digital certificates on devices, which can help improve the security of the device and the organization's network.

Answer 2

Crystal-MSFT 53,981 Microsoft External Staff

@brichardi, Thanks for posting in Q&A.

Intune supports use of the Simple Certificate Enrollment Protocol (SCEP) to authenticate connections to your apps and corporate resources. When your infrastructure supports SCEP, you can use Intune SCEP certificate profiles (a type of device profile in Intune) to deploy the certificates to your devices.

https://learn.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure

To find if the setting in GPO exists on Intune, you can try the feature "Group Policy analytics". You can see more details in the following link:

https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics

Hope it can help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Crystal-MSFT 53,981 Reputation points Microsoft External Staff

2023-01-24T08:34:47.15+00:00

@brichardi, Long time not heard from you. I am writing to see if there's anything else we can help. If yes, feel free to let us know.
brichardi 361 Reputation points

2023-01-25T20:42:46.2766667+00:00

I've tried importing my GPO into Intune Group Policy Analytic, but unfortunately, less than 1/3 of the GPO setting is compatible with Intune Group Policy Analytic.

My next course of action would be implement Windows 10 Always On for all the laptop using remotely.

Thanks
Crystal-MSFT 53,981 Reputation points Microsoft External Staff

2023-01-26T06:12:00.3166667+00:00

@brichardi, Thanks for letting us know the status. For the policy not available, you can also try if the following feature can help:

https://learn.microsoft.com/en-us/mem/intune/configuration/administrative-templates-import-custom

If there's anything else we can help during this time, feel free to let us know.
brichardi 361 Reputation points

2023-01-26T16:33:57.66+00:00

I tried to import the GPO into intune, but unfortunately less than 1/3 of the settings is compatible with Intune group policy analysis.

My next steps is trying Windows 10 Always on VPN to see if the remote laptops will get all of the security settings from GPO.
Crystal-MSFT 53,981 Reputation points Microsoft External Staff

2023-01-27T05:46:12.9666667+00:00

@brichardi, Thanks for the reply. I notice you ae deploying VPN. If there's any more we can help, feel free to let us know.

Share via

What is the benefit of using SCEP with Intune.

2 answers

Your answer