The goal of this procedure is to configure a DigiCert® Trust Lifecycle Manager certificate profile that will work in conjunction with an Intune device configuration profile.
Use the following base templates to create certificate profiles in Trust Lifecycle Manager for issuing Intune authentication certificates via SCEP.
Base template | Seat type |
---|---|
| |
| |
| |
1. This template is limited. If not already present, contact your platform representative to assign the template to your account.
For these base templates, the profile creation wizard defaults to the SCEP enrollment method and Azure Auth authentication method.
In the Authentication method section, select the Microsoft Intune connector for the Intune tenant that will request certificates from Trust Lifecycle Manager via its SCEP service.
Once the certificate profile is created in Trust Lifecycle Manager, you will receive a corresponding SCEP Server URL that can be used to issue certificates from that profile via SCEP. You will need this to configure the corresponding device configuration profiles in Intune to get certificates from this DigiCert certificate profile.
The following table describes the format of the SCEP URL to be used by Intune-supported device platforms.
Device platform | DigiCert SCEP Server URL format | Example |
---|---|---|
iOS/iPadOS, Android, macOS | Use the default SCEP service endpoint as displayed in the DigiCert Certificate Profile: https://<HOST>/mpki/api/v1/scep/<UUID>/cgi-bin/pkiclient.exe | |
Windows (User Store) | https://<HOST>/mpki/api/v1/scep/<UUID>/cgi-bin | |
Windows (Computer Store) | https://<HOST>/mpki/api/v1/scep/<UUID>/cgi-bin | or |
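
The URL formats in the table above, as an added example (not DigiCert or Microsoft code): a Python helper that derives the per-platform URL from the default endpoint and flags a configured URL whose ending does not match its platform. The platform labels, host name and profile identifier are constructed for illustration, and `<UUID>` is treated as one opaque path segment.

```python
import re
from urllib.parse import urlsplit

# Path layout from the table above; <UUID> is matched as one opaque segment.
_PATH_RE = re.compile(
    r"^/mpki/api/v1/scep/(?P<profile>[^/]+)/cgi-bin(?P<client>/pkiclient\.exe)?$")

# Platform labels are this example's own names, not Intune or DigiCert identifiers.
NEEDS_PKICLIENT = {"ios": True, "android": True, "macos": True,
                   "windows-user": False, "windows-computer": False}

# Constructed sample value (host and profile identifier are placeholders).
SAMPLE_DEFAULT = ("https://scep.example.test/mpki/api/v1/scep/"
                  "11111111-2222-3333-4444-555555555555/cgi-bin/pkiclient.exe")

def parse_scep_url(url):
    """Return (netloc, profile_id, has_pkiclient) or raise ValueError."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("SCEP Server URL must use https")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("URL must have a host and no embedded credentials")
    if parts.query or parts.fragment:  # the documented format has neither
        raise ValueError("URL must not carry a query string or fragment")
    m = _PATH_RE.match(parts.path)
    if not m:
        raise ValueError("path is not /mpki/api/v1/scep/<UUID>/cgi-bin[/pkiclient.exe]")
    return parts.netloc, m.group("profile"), m.group("client") is not None

def url_for_platform(default_endpoint, platform):
    """Derive the URL to enter in the Intune profile for `platform`."""
    if platform not in NEEDS_PKICLIENT:
        raise ValueError(f"unknown platform label: {platform}")
    netloc, profile, _ = parse_scep_url(default_endpoint)
    base = f"https://{netloc}/mpki/api/v1/scep/{profile}/cgi-bin"
    return base + "/pkiclient.exe" if NEEDS_PKICLIENT[platform] else base

def check_configured_url(configured, platform):
    """Return a list of problems with a URL already entered for `platform`."""
    try:
        _, _, has_client = parse_scep_url(configured)
    except ValueError as exc:
        return [str(exc)]
    if NEEDS_PKICLIENT[platform] and not has_client:
        return ["this platform expects the full endpoint ending in /pkiclient.exe"]
    if has_client and not NEEDS_PKICLIENT[platform]:
        return ["Windows profiles expect the URL to end at /cgi-bin"]
    return []

if __name__ == "__main__":
    for name in NEEDS_PKICLIENT:
        print(name, url_for_platform(SAMPLE_DEFAULT, name))
```
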
More information specific to the DigiCert® Trust Lifecycle Manager use case can be found in the following sections and should be used in conjunction with the Microsoft documentation: Use SCEP certificate profiles with Microsoft Intune | Microsoft Docs.
The general workflow for creating an Intune device configuration profile consists of the following sections:
Basics
Configuration settings
Assignments
Applicability Rules (Applies to Windows 10/11 only)
The following sections in this guide focus on the Configuration settings which determine the certificate details in conjunction with the corresponding certificate profile. For other non-certificate related aspects, refer to the Microsoft documentation.