Create an Azure Based Certificate Authority for Intune In Minutes with EZCA
For many years, users have been asking for an Azure-based PKI that can issue SCEP certificates for Intune. Today we are happy to announce that our Azure-based CA can now issue SCEP certificates for Intune.
With this integration, organizations can now use passwordless authentication for their Virtual Private Network (VPN), network infrastructure, and more, without the need for a large on-premises infrastructure. This includes eliminating the need for domain controllers, certificate authorities, hardware security modules (HSMs), certificate revocation list (CRL) servers, and SCEP servers.
By leveraging Keytos’s Azure-based PKI solution, organizations can now easily and securely issue and manage SCEP certificates for Intune, without the need for a large team to maintain and manage their infrastructure. This aligns with Keytos and Microsoft’s shared vision of allowing organizations to go fully passwordless in a cloud-only environment, democratizing cybersecurity by lowering the barriers of entry and enabling organizations to have a secure and compliant infrastructure without the need for a large team to maintain it.
What is SCEP
Before we get started, we must understand what the Simple Certificate Enrollment Protocol (SCEP) is. SCEP is a certificate enrollment standard that enables devices to request certificates by using a key provided by a third party. The Certificate Authority (CA) must be able to communicate with this trusted third party (in this case Intune) to validate that the key provided by the device is allowed to request a certificate.
Getting Started
We bet you are as excited as we are for this new integration, so we wanted to share with you the necessary steps to get your Intune SCEP certificate distribution up and running:
1) Register the Keytos Application in your Tenant & Register the EZCA Intune Application in your Tenant. This will allow EZCA to authenticate your users and check the certificate request status in Intune to issue certificates to your Intune-managed devices.
2) Create your EZCA Instance In Azure.
3) Once you have your EZCA instance you are ready to create your Intune CA.
4) Finally, create your Intune device profiles and start issuing secure certificates to your users' devices.
Conclusion
While this blog only covers the new Intune integration, EZCA also offers other features that make it the best PKI solution for Azure customers, such as automatic Azure application certificate rotation with Key Vault, one-click Azure IoT (Internet of Things) integration, ADCS CA management, and local ACME integration.
In conclusion, Keytos’s Azure-based PKI solution is a game-changer for organizations looking to secure their devices and networks with passwordless authentication. Our solutions allow you to go fully passwordless without the need for a large on-premises infrastructure or custom tooling, making it the most cost-effective way to secure your Azure infrastructure.
If you would like to learn more or talk to a PKI expert about setting up your own Intune CA, you can Talk to a PKI expert for FREE. We are here to help you on your passwordless journey, and ensure that your PKI is set up properly and securely.
*** This is a Security Bloggers Network syndicated blog from Keytos authored by Keytos. Read the original post at: https://blog.keytos.io/2023/01/31/Azure-Intune-SCEP-Certificate-Authority.html