
Prerequisites

Before setting up the Microsoft Intune SCEP integration with DigiCert® Trust Lifecycle Manager, make sure the following prerequisites are in place.

Microsoft Intune prerequisites

  • Intune tenant must have Azure Active Directory services enabled.

  • Intune account must be configured for Intune MDM Authority.

  • To issue certificates to Apple iOS/iPadOS and macOS devices, the Intune account must be configured with an Apple MDM Push Certificate.

  • To include user security identifier (SID) values in client authentication certificates issued from Trust Lifecycle Manager, the On-premises sync enabled flag must be set to Yes for the users in Intune.

DigiCert® Trust Lifecycle Manager prerequisites

  • You need a Microsoft Intune connector for the Intune tenant in Azure that will get certificates from Trust Lifecycle Manager via its SCEP service.

  • Your Trust Lifecycle Manager account must include one or more of the following certificate templates, and you must have at least one seat of the appropriate seat type available for the type of certificates you want to issue.

    | DigiCert certificate template | Seat type |
    |---|---|
    | Device Authentication for Microsoft Intune (SCEP) | Device |
    | Public S/MIME (Digital Signature only) for Intune (via CertCentral) [1] | User |
    | User Client Authentication for Microsoft Intune (SCEP) | User |

    [1] This template is limited. If not already present, contact your platform representative to assign the template to your account.
