This guide provides instructions for enrolling and validating Microsoft Intune device certificates using EJBCA. Intune can connect directly to the EJBCA RA, and is set up as a SCEP alias.
SCEP Management Solution
Microsoft Intune provides a SCEP management solution using an open source library with APIs that allow third-party CAs to issue and validate certificates.
For more information, refer to the Microsoft docs article "Use APIs to add third-party CAs for SCEP to Intune".
Intune requires the SCEP server to do an Active Directory (AD) lookup for the user before generating a certificate. The EJBCA connector does this by connecting to Intune to validate the SCEP request before the certificate is issued.
The Microsoft Intune Device Certificate Enrollment is configured in the following steps:
Note that this guide covers Windows 10 device enrollments. For more information on requirements, see Certificate Enrollment Requirements.