question

0 Votes
tarouchabi-7271 asked LuDaiMSFT-0289 commented

About device certificates for iOS and Intune

I'm considering migrating from another company's MDM to Intune.
Is there any certificate installed when I register my iPhone with Intune?

I want to prevent users from reusing device certificates. Please tell me how to control this with Intune.
And is there a way to access O365 only from devices that have the certificate distributed by the tenant installed?
In the future I plan to introduce MCAS, but I would like to know if it can be controlled with conditional access and Intune.

mem-intune-device-configurations

1 Answer

0 Votes
LuDaiMSFT-0289 answered LuDaiMSFT-0289 commented

@tarouchabi-7271 Thanks for posting in our Q&A.

No, there is no certificate installed when we enroll iOS devices with Intune; we just install a management profile.
https://docs.microsoft.com/en-us/mem/intune/user-help/enroll-your-device-in-intune-ios

However, before we enroll the iOS devices, we need to get an Apple MDM Push certificate. We can read the following article as a reference. There is no way to control this certificate via Intune.
https://docs.microsoft.com/en-us/mem/intune/enrollment/apple-mdm-push-certificate-get

For conditional access and MCAS, it is more related to Azure AD. So it is suggested to post and add only the Azure AD tag.

Thanks for understanding and have a nice day.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



Thank you very much.
There are several digital certificate distribution methods (PKCS, SCEP) in Intune. Can I control it with conditional access?
Well.... I want to access O365 only from the device where the device certificate is installed.
Is there a good way?

0 Votes 0 ·

@tarouchabi-7271 Thanks for your response.

For this requirement, currently, there is no method to control certificates with conditional access via Intune. If you are interested in this, we can vote and post our detailed request here. This is a place to collect customers' requirements and problems.
https://microsoftintune.uservoice.com/forums/291681-ideas

1 Vote 1 ·

Thank you very much. Please tell me.
What are the criteria for Intune to consider a device compliant? I want to set a certificate as a condition to comply; is it possible?
Is it possible to include the version of iOS or browser in the condition?

Conditions I know......
- The device is registered in Azure AD.
- The device is registered in Intune.
- Do not violate Intune compliance policy.


0 Votes 0 ·