Introduction

Microsoft Intune provides mobile device management and mobile application capabilities that let you determine the data different users in your organization can access. The integrated data protection and compliance capabilities define what users can do with the data within Microsoft Office and other mobile apps.

Integrating Microsoft Intune with DigiCert ONE allows you to generate digital certificates that establish trust without usernames, passwords, or additional hardware tokens. In addition, DigiCert ONE DigiCert® Trust Lifecycle Manager provides quick deployment and easy management and offers industry-leading security that is unmatched by in-house PKI solutions.

The integration is accomplished using the Intune NDES connector (which communicates with DigiCert ONE APIs), and/or using Microsoft APIs.

The following table shows the types of certificates that can be issued and the integration methods for each certificate type.

Table 1. Certificate Type Integration Method

| DigiCert certificate type | Microsoft profile type | Integration method with DigiCert ONE DigiCert® Trust Lifecycle Manager | Notes |
|---|---|---|---|
| Device Authentication | 1. SCEP certificate | 1. Microsoft API | 1. This is a cloud-to-cloud integration. |
| | 2. PKCS certificate | 2. Microsoft NDES Connector | 2. NDES connector runs on a Microsoft server machine that you host. |
| User (Client) Authentication | 1. SCEP certificate | 1. Microsoft API | 1. This is a cloud-to-cloud integration. |
| | 2. PKCS certificate | 2. Microsoft NDES Connector | 2. NDES connector runs on a Microsoft server machine that you host. |
| S/MIME (Digital signature only) | 1. SCEP certificate | 1. Microsoft API | 1. This is a cloud-to-cloud integration. |
| | 2. PKCS certificate | 2. Microsoft NDES Connector | 2. NDES connector runs on a Microsoft server machine that you host. |
| S/MIME (Encryption only) | PKCS imported certificate | Microsoft NDES (PFX) Connector | Intune does not support new enrollments or renewals of S/MIME escrowed certificates. This solution feature recovers an existing S/MIME key and certificate in PKCS12 format with its associated password and imports it to Intune for onward provisioning. |
| Secure Email (S/MIME Signing and Encryption) | PKCS imported certificate | Microsoft NDES (PFX) Connector | Intune does not support new enrollments or renewals of S/MIME escrowed certificates. This solution feature recovers an existing S/MIME key and certificate in PKCS12 format with its associated password and imports it to Intune for onward provisioning. |


This section covers Microsoft Profile SCEP certificate types integrated using Microsoft APIs, and describes how to integrate Microsoft Intune with DigiCert ONE DigiCert® Trust Lifecycle Manager to issue end-entity certificates to mobile devices for client authentication.