S03E15 - Deploying SCEP certificates to Windows devices (I.T)
Вставка
- Опубліковано 5 сер 2024
- Certificates! Nobody likes them, but they are more important than you'll ever want to admit. In this series of videos, the gang will dive deep into ways to deploy certificates via Intune.
In this episode, we show you how easy it is to create policies to deploy SCEP certificates to your Windows devices.
00:00 - Intro
00:34 - S03E14 - Configuring NDES for SCEP Certificate Deployment
• S03E14 - Configuring N...
01:43 - Export root certificate
03:08 - Create trusted certificate configuration profile
docs.microsoft.com/mem/intune...
07:37 - Create SCEP certificate configuration profile
docs.microsoft.com/mem/intune...
10:42 - Intune + certificates: something everyone should set up - Michael Niehaus
oofhours.com/2020/04/05/intun...
17:43 - Confiim deployment
22:48 - Wrap up
Visit our websites and social media for more or to get in touch with us
Steve Hosking - Microsoft MMD Team
/ onpremcloudguy
steven.hosking.com.au/
mvp.microsoft.com/en-us/Publi...
github.com/onpremcloudguy
Adam Gross - Microsoft MVP - Enterprise Mobility
/ adamgrosstx
www.asquaredozen.com
github.com/AdamGrossTX
mvp.microsoft.com/en-us/Publi...
Ben Reader - Microsoft MVP - Enterprise Mobility
/ powers_hell
www.powers-hell.com/
github.com/tabs-not-spaces
mvp.microsoft.com/en-us/Publi...
Jake Shackelford - Microsoft MVP - Enterprise Mobility
/ shackelfjaco
sysmansquad.com/author/jshack...
/ jacob-shackelford-a5bb...
Thanks guys. Excellent video.
Fantastic, thanks for sharing
Awesome 👍
Thanks heaps for the video guys. Been a real help. I did have one question though. In a shared Intune device environment, is there a trick to get it to deploy a user cert to every user that logs in? I can seem to get it to work with the very first user to login, but after that it seems to no longer push out for any new users.
Great Video Guys...However, I can only see Root Cert getting successfully enrolled and SCEP cert are actually been failed. Any idea how to troubleshoot this within Intune Portal?
Hi can i use SCEP with Conditional Access, if not, so what is the another Benefits for Using SCEP?
Hey! Great video guys. One quick question, I had to revoke my certificate as I forgot to tick on "allow smart card logon" on the template. Now my test laptop won't pick up the new revised one. Any ideas how I can force it to update?
Thanks a ton for this video. I am able to push scep certs via intune. All the certs seems to have the name of my O365 global administrator account. is that supposed to be the case.
Do you have a video to deploy the NDES services correctly ?
Hi guys! Is SCEP certificates possible to use in RADIUS (Wired and wireless network) authentication?
I also have this question. From what I've read if you have an AAD joined device (no hybrid) you can't use device certs since the NPS is looking for a computer object in AD and since it is not hybrid it won't exist in AD. Looking for ways to have this work with 802.1x. Only solutions I've seen is using something like SCEPMan but nothing offered out of the box from Microsoft but I'd be happy to hear otherwise
@@sieffy91 in the same boat too...would be a killer functionality. Yet another roadblock to going AAD over HAAD.
We would recommend to leverage a third party radius service like Cisco ISE or Aruba clearpass (what ever comes with your hardware appliances) as they support the use of the EAP-TLS protocol along with using Intune compliance for authorization process.
The SCEP certs are fully supported for wifi & 802.1x, part of the complicating factor is that there is multiple ways to implement the solution both on client and radius side.
When it comes to the assignment groups for SCEP, is it better to assign to user groups or to devices? Or does it not matter?
You need to match the cert type or the certs won’t deploy. User cert assigned to user groups.
Finally caught up with this and wanted to say thanks. We're starting with cloud managed devices and we have 802.1x on our wired network so this is going to come in handy. One probably dumb question for you, between this and the last video, which certs to I need to stay on top of as far as renewing so this keeps working.
Just make sure that any of the "backed certificates" are renewed - if you are deploying a root, then maintain that. If you have a root AND a sub, both of those.
- Ben
@@IntuneTraining Thanks so much for the reply, Ben. I hope you have a nice weekend!