Implement Microsoft Cloud PKI

Module
6 Units

Intermediate

Administrator

Microsoft 365

Windows

Microsoft Intune

This module shows how to deploy and operate Microsoft Cloud PKI in Microsoft Intune. You'll build a two-tier CA hierarchy, automate SCEP-based certificate issuance and renewal, and monitor certificate health across your organization—without on-premises NDES or connector infrastructure.

Learning objectives

By the end of this module, you'll be able to:

Describe how Microsoft Cloud PKI replaces on-premises certificate infrastructure
Create a root CA and issuing CA hierarchy in the Microsoft Intune admin center
Deploy trusted certificate profiles and SCEP certificate profiles in the correct order
Configure validity periods, renewal thresholds, key usage, and EKUs for SCEP profiles
Monitor certificate health, audit administrative actions, and remediate common issuance and renewal problems

Prerequisites

Familiarity with Microsoft Intune device management
Basic understanding of public key infrastructure (PKI) and certificate concepts
Awareness of SCEP and certificate-based authentication scenarios (Wi-Fi, VPN)

Introduction min
Set up cloud-based PKI min
Automate certificate issuance and renewal min
Monitor certificate health and compliance min
Knowledge check min
Summary min

Start