Microsoft Intune cannot deliver certificate to my windows 10 devices

Kevin Arc 1 Reputation point
2021-08-29T11:29:31.8+00:00

Hi,

I tried to use Microsoft Intune to assign Simple Certificate Enrollment Protocol (SCEP) certificates to my windows 10 laptop from my internal PKI. After set up all the things, my devices still can't get certificated assigned. There is only one thing different is running "IntuneCertificateConnector", it doesn't ask me for a certificate to use and didn't ask me to enroll like the articles on the web. I noticed that what they are using is NDESConnector. But what I download from my Intune is not this one but IntuneCertificateConnector.
I'm not sure if there is any change for this. I can's find NDESPolicy under this registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\Modules. And I got error in my NDES as below. Please help.
127307-image.png

127384-image.png

127355-image.png

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,618 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Nick Hogarth 3,436 Reputation points
    2021-08-29T22:11:02.897+00:00

    Microsoft updated the certificate connector so the documentation you viewed might be old. The update also "Removes the need to select a client certificate for SCEP integration with NDES." See https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#certificate-connector-for-microsoft-intune-combines-separate-certificate-connectors

    Which guides did you follow? Did you use the application proxy to publish the NDES? Is the connector active in the Intune connectors section?

    0 comments No comments

  2. Crystal-MSFT 45,331 Reputation points Microsoft Vendor
    2021-08-30T04:14:00.967+00:00

    @Kevin Arc , Agree with Nick, beginning on July 29, 2021, the Certificate Connector for Microsoft Intune replaces the old connector.

    For the new certificate Connector for Microsoft Intune, only the Server authentication certificate is used. We can follow the steps in the articles below to configure SCEP to see if it can work well:
    Configure infrastructure to support SCEP with Intune
    https://learn.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure

    Certificate Connector for Microsoft Intune
    https://learn.microsoft.com/en-us/mem/intune/protect/certificate-connector-overview

    Prerequisites for the Certificate Connector for Microsoft Intune
    https://learn.microsoft.com/en-us/mem/intune/protect/certificate-connector-prerequisites

    Install the Certificate Connector for Microsoft Intune
    https://learn.microsoft.com/en-us/mem/intune/protect/certificate-connector-install

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.