Regarding the deployment of SCEP certificate

Question

Hi All,

I’ve come across several posts regarding the deployment of SCEP certificates to Windows devices and the configuration of NDES for SCEP certificates. I’m interested in understanding the benefits of setting up this system. The information available online lacks clarity, so I’m seeking insights from individuals who have implemented it and have experienced its advantages.

Posted by Anonymous member in HTMD FB Group

Answers ( 2 )

  1. Replied by Anonymous member

    Marty Mendez, Thanks for clarifying that

    Replied by Leo Bounds

    I had to set this up to deliver the certificate for VPN use during hybrid AD join autopilot. You might want to have a look at this guide in addition to the Microsoft documentation https://www.jeffgilb.com/ndes-for-intune/

  2. Replied by Marty Mendez

    We have it stood up to auth against the network. Beware if you are attempting to use it for user certs, the root certs need to target all users and devices for that to deploy, not group targeted.

    Replied by Steven Hosking

    Marty Mendez, that’s incorrect, the root cert does not need to be deployed to all users and devices. But in testing, we have found it to be far more successful if you use the same group for both the root and SCEP policy, especially targeting the same object type.

    Replied by Marty Mendez

    Steven Hosking is true while we thought that we ran into issues seems more like a backend infrastructure flaw within Intune for now until we targeted all vs. groups. The step still applies to groups fine in our setup anyway.
