Introduction

Microsoft Intune provides mobile device management (MDM) and mobile application management capabilities that let you control which data different users in your organization can access. Its integrated data protection and compliance capabilities define what users can do with that data within Microsoft Office and other mobile apps.

Integrating Microsoft Intune with DigiCert® Trust Lifecycle Manager allows you to issue digital certificates to managed devices and users, providing trust without usernames, passwords, or additional hardware tokens. In addition, Trust Lifecycle Manager provides quick deployment and easy management, and offers industry-leading security that is unmatched by in-house PKI solutions.

This guide describes how to integrate Microsoft Intune using the SCEP (Simple Certificate Enrollment Protocol) service of Trust Lifecycle Manager to request and issue the following certificate types from DigiCert:

  • Device Authentication

  • Public S/MIME

  • User (Client) Authentication

  • Private Server

Integration architecture

The following illustration explains how Microsoft Endpoint Manager integrates with DigiCert® Trust Lifecycle Manager via SCEP.

(Figure: Microsoft Intune to DigiCert Trust Lifecycle Manager SCEP integration diagram)

  1. The Intune Administrator creates certificate templates in Microsoft Intune corresponding to the certificate profiles created in DigiCert® Trust Lifecycle Manager.

  2. Microsoft Intune deploys the Device Configuration profiles (Trusted Certificate & SCEP types) to the specified group of endpoint devices.

  3. One of the devices requests a certificate from the Trust Lifecycle Manager SCEP service.

  4. The DigiCert SCEP service validates the request with Intune.

  5. Microsoft Intune returns the validation response to the DigiCert SCEP service.

  6. DigiCert issues the certificate to the requesting device.

  7. Finally, DigiCert provides the confirmation message to Intune.

Workflow

To set up the Microsoft Intune integration via SCEP, complete these tasks in order:

  1. Configure Intune settings, and make sure the required base templates and seats are available in Trust Lifecycle Manager. Documentation: Prerequisites

  2. Set up the Microsoft Intune connector in Trust Lifecycle Manager. Documentation: Set up the Intune connector

  3. Create the trusted certificate profile in Intune, and create the corresponding certificate profiles in Trust Lifecycle Manager for enrolling certificates. Documentation: Intune device profile and DigiCert certificate profile configurations for certificate use cases

  4. Enroll devices in the Intune mobile device management (MDM) platform. Documentation: Joining a device to Intune MDM

  5. Verify the issued certificates in Trust Lifecycle Manager. Documentation: Verify certificate issuance details in Trust Lifecycle Manager