This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Contoso wants to deploy Microsoft Cloud PKI. Their IT team needs to decide how many certification authorities (CAs) to create. What is the maximum number of CAs allowed in a single Intune tenant?
2
6
10
An administrator at Fabrikam configures Cloud PKI and creates a root CA and an issuing CA. Devices receive the SCEP certificate profile but are rejecting the issued certificates. What is the most likely cause?
The issuing CA validity period is set to more than 5 years.
The trusted certificate profiles for the root CA and issuing CA weren't deployed before the SCEP profile.
The renewal threshold was set to 20%, which is too low for initial enrollment.
A security engineer at Northwind asks: 'Where does the private key get created during SCEP-based certificate enrollment?' What is the correct answer?
On the Cloud PKI SCEP service in Azure
On the device itself; it never leaves the device
On the issuing CA, and then delivered securely to the device
Contoso's SCEP certificate profiles are configured with a one-year validity period and a 20% renewal threshold. Several remote devices that connect to Intune infrequently show expired certificates. What is the best remediation?
Increase the certificate validity period to 5 years so certificates last longer.
Increase the renewal threshold to 40% and shorten the validity period to 180 days to extend the renewal window.
Manually revoke and reissue certificates for all affected devices each month.
An administrator needs to verify that a specific Windows device received a certificate and that the subject name and SAN values are correct. Which built-in tool can they use directly on the device?
The Cloud PKI dashboard in the Intune admin center
certmgr.msc or certutil -store My run on the device
certmgr.msc
certutil -store My
Microsoft Entra sign-in logs
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?