Is standalone CA not supported in "SCEP Certificate Flow" under "Intuen" environment?

Question

Hi All,

I am going to set up a "SCEP Certificate Flow", and the archtechfure shown at below link

https://learn.microsoft.com/en-us/troubleshoot/mem/intune/certificates/media/troubleshoot-scep-certificate-profiles/scep-certificate-profile-flow.png

However, I saw this website

https://learn.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure

And the website mentioned:

"""Certification Authority – Use a Microsoft Active Directory Certificate Services Enterprise Certification Authority (CA) that runs on an Enterprise edition of Windows Server 2008 R2 with service pack 1, or later. The version of Windows Server you use must remain in support by Microsoft. A Standalone CA isn't supported. For more information, see Install the Certification Authority."""

My question is:

1. Does the certificate authority really not support standalone CA? Isn't there any way to use a standalone CA?
2. If standalone CA support scep, please give me a work flow.

Thanks.

Answer 1

@James Chan_110, Thanks for posting in Q&A. For your questions, I would say, currently, the Certificate Authority used in the SCEP Certificate Flow for Intune environment must be a Microsoft Active Directory Certificate Services Enterprise Certification Authority (CA) that runs on an Enterprise edition of Windows Server. A Standalone CA is not supported. Therefore, currently, there is no way to use a standalone CA with SCEP in Intune.

Thanks for your understanding.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.