Configuration for CBE

Follow this guide to set up Certificate Deployment with Intune.

Root Certificate

  1. Download and save your CA Certificate (.cer).

  2. Go to Intune > Devices > Windows > Configuration profiles.

  3. In Microsoft Intune, create a profile for the Windows 8.1 and later platform with the profile type Trusted certificate.

  4. Upload your previously downloaded .cer file.

  5. Assign the profile to All Users and/or All Devices, or to a dedicated group.

User Client Certificates

  1. In Microsoft Intune, create a profile for the Windows 8.1 and later platform with the profile type SCEP certificate.

  2. Certificate type: User

  3. Subject name format: CN = {{UserName}}, E={{EmailAddress}}

  4. Subject alternative name: User principal name (UPN), '{{UserPrincipalName}}'

  5. Certificate validity period: 1 year

  6. KSP: Enroll to Trusted Platform Module (TPM) KSP, otherwise fail

  7. Key usage: Digital signature and Key encipherment

  8. Key size: 2048

  9. Hash algorithm: SHA-2

  10. Root certificate: the Trusted certificate profile created in the Root Certificate section above

  11. Extended key usage: Client Authentication

You're all set up! 🥳

You can check the certificate deployment by logging into your device and checking the Certificate Manager.
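
A scripted version of this check, as an added example that is not part of the original guide: it lists the client-authentication certificates in the signed-in user's Personal store and compares each one with the SCEP profile settings above. The store path `Cert:\CurrentUser\My` and the provider name `Microsoft Platform Crypto Provider` for the TPM KSP are assumptions about a standard Windows client.

```powershell
# Added example (not from the original guide). Run as the enrolled user.
# Assumption: the SCEP user certificate is in the user's Personal store.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'                   # Client Authentication EKU
$tpmKsp        = 'Microsoft Platform Crypto Provider'  # assumed name of the TPM-backed KSP
$rsaExt        = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$kuFlags       = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
$wantedUsage   = $kuFlags::DigitalSignature -bor $kuFlags::KeyEncipherment

Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid } |
    ForEach-Object {
        $cert = $_
        $ku   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }  # Key Usage
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # Subject Alternative Name

        # Resolve the provider that holds the private key. It stays $null when
        # the private key is missing, inaccessible, or not a CNG RSA key.
        $provider = $null
        try {
            $key = $rsaExt::GetRSAPrivateKey($cert)
            if ($key -is [System.Security.Cryptography.RSACng]) {
                $provider = $key.Key.Provider.Provider
            }
        } catch { }

        $pub = $rsaExt::GetRSAPublicKey($cert)

        [pscustomobject]@{
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            SAN         = if ($san) { $san.Format($false) } else { '' }
            ValidDays   = [math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays)
            KeySizeOk   = ($pub -and $pub.KeySize -eq 2048)
            # SHA-2 family signature algorithm names, e.g. sha256RSA
            Sha2Signed  = $cert.SignatureAlgorithm.FriendlyName -match 'sha(256|384|512)'
            KeyUsageOk  = ($ku -and (($ku.KeyUsages -band $wantedUsage) -eq $wantedUsage))
            TpmBacked   = ($provider -eq $tpmKsp)
            KeyProvider = $provider
        }
    } | Format-List
```

A certificate issued by this profile should show `KeySizeOk`, `Sha2Signed`, `KeyUsageOk` and `TpmBacked` as True, a `ValidDays` value of about 365, and the user's UPN in `SAN`.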