This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 8%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
I want to do below task.
Step 1: import a cert
Step 2: Installing to a PC
Step 3: Send a request from PC to Intune
Step 4: Intune said OK
Step 5: Can go to Corporate networ
Please guide me how to create this policy or custom policy for intune.
Thanks.
What type of Certs are you trying to deploy?
Device Cert
Hi James,
I would recommend taking a look at this documentation:
Trusted root certificate profiles for Microsoft Intune
https://learn.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root
When using Intune to provision devices with certificates to access your corporate resources and network, use a trusted certificate profile to deploy the trusted root certificate to those devices. Trusted root certificates establish a trust from the device to your root or intermediate (issuing) CA from which the other certificates are issued.
You deploy the trusted certificate profile to the same devices and users that receive the certificate profiles for Simple Certificate Enrollment Protocol (SCEP), Public Key Cryptography Standards (PKCS), and imported PKCS.
To create a trusted certificate profile
If this is helpful please accept answer.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@James Chan_110, Thanks for posting in Q&A. From the tasks you provided, it seems you want Intune to approve corporate network access in the process. Based as I know, Intune currently does not have such feature to approve the request.
Based on my researching, I find Microsoft Purview can manage workflow requests and approvals
https://learn.microsoft.com/en-us/purview/how-to-workflow-manage-requests-approvals
You can contact them to confirm if they can do what you want.
https://www.microsoft.com/en-us/security/business/microsoft-purview
Thanks for your understanding.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks. I want to ask a one more question. Can I set a policy that when a device is non-compliance, its device cert will be deleted.
After its status back to "compliance", the intune will send the device cert to the device again.
Is it possible to configure in Intune?
Thanks,
@James Chan_110, I am afraid not. Intune device compliance policies allow you to define rules and settings that users and managed devices must meet to be compliant. You can also specify actions for noncompliance, such as remotely locking devices or sending email alerts to users and groups with details about the noncompliant device. However, it is not possible to configure Intune to delete a device certificate when it is non-compliant and then send the certificate again when the device is back in compliance.