question

VarunAggarwal-9388 avatar image
0 Votes"
VarunAggarwal-9388 asked Crystal-MSFT commented

Windows autopilot using non microsoft certificate authority

Hello,

I have an onpremises certificate authority which is not windows based and does not support native ndes solution, however does provide a scep endpoint which is accessible from corporate network only.

I want to device certificates which will be used for vpn.

Has anyone came across this scenario or have any suggestions how device certificates can be issued.

Any suggestions or pointers will be of great help

mem-autopilot
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@VarunAggarwal-9388, Thanks for posting in Q&A.

During Autopilot ESP phase, the certificate profile deployed can be SCEP certificate or PKCS certificate.
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-status#enrollment-status-page-tracking-information

After researching, I find both the SCEP and PKCS needs CA to be on windows server.
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-pfx-configure

For your situation, you can feedback to uservoice to see if the new feature can be added: for non-windows CA as well.
https://feedbackportal.microsoft.com/feedback/forum/ef1d6d38-fd1b-ec11-b6e7-0022481f8472

Thanks for the understanding.

0 Votes 0 ·

0 Answers