Configure Active Directory Services - NDES

perform the following steps to configure the new installation of ad cs with network device enrollment service select start > administrative tools > server manager select the flag icon to the left of manage select \[ configure active directory certificate services ] on the destination on the credentials page, ensure your login meets the displayed requirements select \[ next ] on the select role services page, select \[ network device enrollment service ] select \[ next ] on the service account for ndes page, select \[ select ] and log in using the domain administrator you have designated as your service account select \[ ok ] on the ca for ndes page, select \[ ca name ] and then \[ select ] select your adcs enterprise ca and select \[ ok ] on the ra information page, you can either keep the suggested ra name or change it enter the optional information required by your organization select \[ next ] on the cryptography for ndes page, select \[ microsoft strong cryptographic provider ] for both the signature key provider and the encryption key provider select \[ next ] on the confirmation page, select \[ configure ] set the spn after configuring ad cs ndes, perform the following steps to set the spn of the service account on the server that hosts the ndes service, run the following command in an elevated command prompt this sets the spn of the ndes service account setspn s http/\<dns name of the computer that hosts the ndes service> \<domain name>\\\<ndes service account name example setspn s http/ndesintune intune fx com intune\administrator restart the ndes server after restarting, go to the following url http //\<server fqdn>/certsrv/mscep/mscep dll you should see a network device enrollment services page in your web browser for more information on installing and configuring active directory certificate services ndes, refer to the microsoft documentation