Prerequisites for Intune SCEP integration

Before setting up the Microsoft Intune SCEP integration, make sure the following prerequisites are in place.

Microsoft Intune prerequisites

Intune tenant must have Azure Active Directory services enabled.
Intune account must be configured for Intune MDM Authority.
To issue certificates to Apple iOS/iPadOS and macOS devices, the Intune account must be configured with an Apple MDM Push Certificate.
To include user security identifier (SID) values in client authentication certificates issued from Trust Lifecycle Manager, the On-premises sync enabled flag must be set to Yes for the users in Intune.

You must have available seat licenses allocated to the business unit(s) where you'll create certificate profiles and issue certificates.

Your Trust Lifecycle Manager account must include one or more of the following base templates to use for creating certificate profiles.

DigiCert base template name	Trust type	Issuing CA
`Device Authentication for Microsoft Intune (SCEP)`	Private	DigiCert® Private CA
`Generic Private Server Certificate`	Private	DigiCert® Private CA
`Public S/MIME (Digital Signature only) for Intune (via CertCentral)`¹	Public	DigiCert CertCentral®
`User Client Authentication for Microsoft Intune (SCEP)`	Private	DigiCert® Private CA
_{1. This template is limited. If not already present, contact your platform representative to assign the template to your account.}

To start configuring the integration, you first need to Set up the Intune connector.

In this section: