Introduction

Microsoft Intune provides mobile device management and mobile application capabilities that let you determine the data different users in your organization can access. The integrated data protection and compliance capabilities define what users can do with the data within Microsoft Office and other mobile apps.

Integrating Microsoft Intune with DigiCert​​®​​ Trust Lifecycle Manager allows you to generate digital certificates that provide trust without any usernames, passwords, or additional hardware tokens. In addition, Trust Lifecycle Manager provides quick deployment and easy management and offers industry leading security that is unmatched by in-house PKI solutions.

This guide describes how to integrate Microsoft Intune using the SCEP (Simple Certificate Enrollment Protocol) service of Trust Lifecycle Manager to request and issue the following certificate types from DigiCert:

Integration architecture

The following illustration explains how Microsoft Endpoint Manager integrates with DigiCert​​®​​ Trust Lifecycle Manager via SCEP.

1. The Intune Administrator creates certificate templates in Microsoft Intune corresponding to the certificate profiles created in DigiCert​​®​​ Trust Lifecycle Manager.

2. Microsoft Intune deploys the Device Configuration profiles (Trusted Certificate & SCEP types) to the specified group of endpoint devices.

3. One of the devices requests a certificate from Trust Lifecycle Manager.

4. DigiCert validates the request with Intune.

5. Microsoft Intune provides the validation response to the DigiCert SCEP service.

6. DigiCert issues the certificate to the requesting device.

7. Finally, DigiCert provides the confirmation message to Intune.