This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 19%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETC%3C/text%3E%3C/svg%3E)
I'm considering migrating from another company's MDM to intune.
Is there any certificate installed when I register my iphone with intune?
I want to prevent users from reusing device certificates. Please tell me how to control with intune.
And, Is there a way to access o365 only from devices that have the certificate distributed by the tenant installed?
In the future I plan to introduce MCAS, but I would like to know if it can be controlled with conditional access and intune.
@tarou chabi Thanks for posting in our Q&A.
No, there is no certificate installed when we enroll iOS devices with intune, we just install management profile.
https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-your-device-in-intune-ios
However, before we enroll the iOS devices, it is needed to get an Apple MDM Push certificate. We can read the following article as a reference. There is no way to control this certificate via intune.
https://learn.microsoft.com/en-us/mem/intune/enrollment/apple-mdm-push-certificate-get
For conditional access and MCAS, it is more related to Azure AD. So it is suggested to post and only add Azure AD tag.
Thanks for understanding and have a nice day.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you very much.
There are several digital certificate distribution methods (PKCS, SCEP) in intune. Can I control it with conditional access?
Well.... I want to access o365 only from the device where the device certificate is installed.
Is there a good way?
@tarou chabi Thanks for your response.
For this requirement, currently, there is no method to control certificates with conditional access via intune. If you are interested in this, we can vote and post our detailed request here. This is a place to collect customers' requirements and problems.
https://microsoftintune.uservoice.com/forums/291681-ideas
Thank you very much. please tell me.
What are the criteria for intune to consider a device compliant? I want to set a certificate as a condition to comply, is it possible?
Is it possible to include the version of ios or browser in the condition?
Conditions I know......
@tarou chabi The compliance policy can be used to require an email, mark rooted (jailbroken) devices as not compliant, set an allowed threat level, set passwords to expire for iOS devices. We can refer to the following article:
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios
However, as far as I know, no built-in settings could be set to check if the device has a certificate in compliance policy.
Thanks for understanding.