Introduction
Microsoft Intune provides mobile device management and mobile application capabilities that let you determine the data different users in your organization can access. The integrated data protection and compliance capabilities define what users can do with the data within Microsoft Office and other mobile apps.
Integrating Microsoft Intune with DigiCert ONE allows you to generate digital certificates that provide the trust without any usernames, passwords, or additional hardware tokens. In addition, DigiCert ONE DigiCert® Trust Lifecycle Manager provides quick deployment and easy management and offers industry leading security that is unmatched by in-house PKI solutions.
The integration is accomplished using the Intune NDES connector (which communicates with DigiCert ONE APIs), and/or using Microsoft APIs.
The following table shows the types of certificates that can be issued and the integration methods for that certificate type.
DigiCert certificate type | Microsoft profile type | Integration method with DigiCert ONE DigiCert® Trust Lifecycle Manager | Notes |
---|---|---|---|
Device Authentication |
|
|
|
User (Client) Authentication |
|
|
|
S/MIME (Digital signature only) |
|
|
|
S/MIME (Encryption only) | PKCS imported certificate | Microsoft NDES (PFX) Connector | Intune does not support new enrollments or renewals of S/MIME escrowed certificates. This solution feature recovers an existing S/MIME key and certificate in PKCS12 format with its associated password and imports it to Intune for onward provisioning. |
Secure Email (S/MIME Signing and Encryption) | PKCS imported certificate | Microsoft NDES (PFX) Connector | Intune does not support new enrollments or renewals of S/MIME escrowed certificates. This solution feature recovers an existing S/MIME key and certificate in PKCS12 format with its associated password and imports it to Intune for onward provisioning. |
This section covers Microsoft Profile SCEP certificate types integrated using Microsoft APIs, and describes how to integrate Microsoft Intune with DigiCert ONE DigiCert® Trust Lifecycle Manager to issue end-entity certificates to mobile devices for client authentication.