
Configure Intune configuration profiles

This section explores the following tasks:

- Export the root certificate
- Enable automatic device enrollment in Intune

Export the root certificate

1. Log in to your AD CS CA server and launch an elevated command prompt.
2. Run the following command:

```
certutil -ca.cert C:\root.cer
```

3. Set the certificate aside, so you can use it later when setting up the trusted certificate profile in Intune.

Create Intune trusted certificate profile

1. In a web browser, go to https://intune.microsoft.com/ and log in.
2. From the main page, select Devices > Windows and select [Configuration profiles].
3. Select [Create profile] and enter the following settings:

| Setting | Required configuration |
| --- | --- |
| Platform | Windows 10 and later |
| Profile type | Templates |
| Template name | Trusted certificate |

4. Select [Create].
5. On the Basics page, enter your profile name and description. Select [Next].
6. On the Configuration settings page, browse for and upload the root.cer you exported earlier. Set the destination store to Computer certificate store - Root. Select [Next].
7. On the Assignments page, set which devices and users you want to be included in this policy. Select [Next].
8. On the Applicability Rules page, you can designate rules that systems have to meet for the policy to be applied. Select [Next].
9. On the Review + create page, verify your configuration settings and select [Create].

Create Intune SCEP certificate profile

1. In a web browser, go to https://intune.microsoft.com/ and log in.
2. From the main page, select Devices > Windows and select [Configuration profiles].
3. Select [Create profile] and enter the following settings:

| Setting | Required configuration |
| --- | --- |
| Platform | Windows 10 and later |
| Profile type | Templates |
| Template name | SCEP |

4. Select [Create].
5. On the Basics page, enter your profile name and description. Select [Next].
6. On the Configuration settings page, use the following settings:

| Setting | Required configuration |
| --- | --- |
| Certificate type | Device |
| Subject name | `CN={{AAD_Device_ID}}` |
| Certificate validity | 2 years |
| Key storage provider (KSP) | Enroll to Trusted Platform Module (TPM) KSP if present, otherwise Software KSP |
| Key usage | Key encipherment, Digital signature |
| Key size (bits) | 2048 |
| Hash algorithm | SHA-2 |
| Root certificate | Name of root certificate from previous section |
| Extended key usage | Client Authentication |
| SCEP Server URLs | `https://<NDES external URL FQDN as shown in your Azure App Proxy list>/certsrv/mscep/mscep.dll` (i.e., `https://ndesserver.intune.fx.com/certsrv/mscep/mscep.dll`) |

7. After entering all the necessary configuration settings, select [Next].
8. On the Assignments page, set which devices and users you would like to be included in this policy. Select [Next].
9. On the Applicability Rules page, you can designate rules that systems have to meet for the policy to be applied. Select [Next].
10. On the Review + create page, verify your configuration and select [Create].

Enable automatic device enrollment in Intune

1. In a web browser, go to https://intune.microsoft.com/ and log in.
2. On the main page, go to Devices > Enroll devices and select [Automatic Enrollment].
3. Set the MDM user scope to All and select [Save].

For more information on configuring Intune certificate profiles, refer to the Microsoft documentation.
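
A verification script for the trusted certificate and SCEP profiles above, added here as an example and not taken from the original page or from Microsoft: run on an enrolled device, it checks that the exported root reached the computer Root store and that the device certificate matches the SCEP settings (2048-bit key, Client Authentication, private key present). It assumes the root exported to `C:\root.cer` is also the CA that issues the device certificates directly.

```powershell
# Added example. Run elevated on an enrolled Windows device.
# Assumption: C:\root.cer is the exported root and that CA issues the device certs.
param([string]$RootCerPath = 'C:\root.cer')

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$root = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($RootCerPath)

# A root certificate is self-signed: subject and issuer are identical.
if ($root.Subject -ne $root.Issuer) {
    throw "'$RootCerPath' is not self-signed (issuer: $($root.Issuer))."
}
"Root: $($root.Subject)  thumbprint $($root.Thumbprint)  expires $($root.NotAfter)"

# Trusted certificate profile: the root belongs in the computer Root store.
$inRootStore = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $root.Thumbprint }
if (-not $inRootStore) {
    Write-Warning 'Root not found in Cert:\LocalMachine\Root; trusted certificate profile not applied yet.'
}

# SCEP profile: compare each device certificate from this CA with the profile settings.
$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$issued = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Issuer -eq $root.Subject }
if (-not $issued) {
    Write-Warning 'No certificate issued by this root in Cert:\LocalMachine\My.'
}
foreach ($cert in $issued) {
    $rsa        = $rsaExt::GetRSAPublicKey($cert)      # $null for non-RSA keys
    $keySize    = if ($rsa) { $rsa.KeySize } else { 0 }
    # EnhancedKeyUsageList is added to certificates by the PowerShell Cert: provider.
    $clientAuth = $cert.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid
    $current    = ($cert.NotBefore -le (Get-Date)) -and ($cert.NotAfter -gt (Get-Date))
    [pscustomobject]@{
        Subject        = $cert.Subject
        NotAfter       = $cert.NotAfter
        KeySize        = $keySize
        ClientAuth     = $clientAuth
        HasPrivateKey  = $cert.HasPrivateKey
        MatchesProfile = ($keySize -eq 2048) -and $clientAuth -and $cert.HasPrivateKey -and $current
    }
}
```

A row with `MatchesProfile` set to `False` points at the SCEP setting to recheck; the script does not report which key storage provider holds the private key.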