Introduction

Microsoft Intune provides mobile device management and mobile application capabilities that let you determine the data different users in your organization can access. The integrated data protection and compliance capabilities define what users can do with the data within Microsoft Office and other mobile apps.

Integrating Microsoft Intune with DigiCert​​®​​ Trust Lifecycle Manager allows you to generate digital certificates that provide trust without any usernames, passwords, or additional hardware tokens. In addition, Trust Lifecycle Manager provides quick deployment and easy management and offers industry leading security that is unmatched by in-house PKI solutions.

This section covers Microsoft Profile SCEP certificate types integrated using Microsoft APIs, and describes how to integrate Microsoft Intune with Trust Lifecycle Manager to issue end-entity certificates to mobile devices for client authentication.

The following table shows the types of certificates you can request and issue for Intune and the integration method with Trust Lifecycle Manager.

Integration overview

The following illustration explains how Microsoft Endpoint Manager integrates with DigiCert​​®​​ Trust Lifecycle Manager via SCEP.

1. The Intune Administrator creates certificate templates in Microsoft Intune corresponding to the certificate profiles created in DigiCert​​®​​ Trust Lifecycle Manager.

2. Microsoft Intune deploys the Device Configuration profiles (Trusted Certificate & SCEP types) to the specified group of endpoint devices.

3. One of the devices requests a certificate from Trust Lifecycle Manager.

4. DigiCert validates the request with Intune.

5. Microsoft Intune provides the validation response to the DigiCert SCEP service.

6. DigiCert issues the certificate to the requesting device.

7. Finally, DigiCert provides the confirmation message to Intune.