Skip to content

Commit 4b66bb8

Browse files
Merge pull request #8492 from wicale/patch-4
Update certificates-profile-scep.md
2 parents 36ed02a + 469aab5 commit 4b66bb8

1 file changed

Lines changed: 23 additions & 5 deletions

File tree

memdocs/intune/protect/certificates-profile-scep.md

Lines changed: 23 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -57,11 +57,26 @@ Devices that run Android Enterprise might require a PIN before SCEP can provisio
5757

5858
SCEP certificate profiles for the *Fully Managed, Dedicated, and Corporate-Owned Work Profile* profile have the following limitations:
5959

60-
1. Under Monitoring, certificate reporting isn't available for Device Owner SCEP certificate profiles.
60+
1. Under Monitoring, certificate reporting isn't available for **Device Owner** SCEP certificate profiles.
61+
1. You can't use Intune to revoke certificates that were provisioned by SCEP certificate profiles for **Device Owner**. You can manage revocation through an external process or directly with the certification authority.
62+
1. For Android Enterprise dedicated devices, SCEP certificate profiles are supported for Wi-Fi network configuration, VPN, and authentication. SCEP certificate profiles on Android Enterprise dedicated devices aren't supported for app authentication.
6163

62-
2. You can't use Intune to revoke certificates that were provisioned by SCEP certificate profiles for Device Owners. You can manage revocation through an external process or directly with the certification authority.
64+
For **Android (AOSP)**, the following limitations apply:
6365

64-
3. For Android Enterprise dedicated devices, SCEP certificate profiles are supported for Wi-Fi network configuration, VPN, and authentication. SCEP certificate profiles on Android Enterprise dedicated devices aren't supported for app authentication.
66+
1. Under Monitoring, certificate reporting isn't available for **Device Owner** SCEP certificate profiles.
67+
1. You can't use Intune to revoke certificates that were provisioned by SCEP certificate profiles for **Device Owners**. You can manage revocation through an external process or directly with the certification authority.
68+
1. SCEP certificate profiles are supported for Wi-Fi network configuration. VPN configuration profile support is not available. A future update may include support for VPN configuration profiles.
69+
1. The following 3 variables are not available for use on Android (AOSP) SCEP certificate profiles. Support for these variables will come in a future update.
70+
- onPremisesSamAccountName
71+
- OnPrem_Distinguished_Name
72+
- Department
73+
74+
> [!NOTE]
75+
> **Device Owner** is equivalent to Corporate Owned devices. The following are considered as Device Owner:
76+
> - Android Enterprise - Fully Managed, Dedicated, and Corporate-Owned Work Profile
77+
> - Android AOSP
78+
> - User-affinity
79+
> - User-less
6580
6681
4. Select **Create**.
6782

@@ -75,7 +90,7 @@ Devices that run Android Enterprise might require a PIN before SCEP can provisio
7590

7691
- **Certificate type**:
7792

78-
*(Applies to: Android, Android Enterprise, iOS/iPadOS, macOS, Windows 8.1, and Windows 10/11)*
93+
*(Applies to: Android, Android Enterprise, Android (AOSP), iOS/iPadOS, macOS, Windows 8.1, and Windows 10/11)*
7994

8095
Select a type depending on how you'll use the certificate profile:
8196

@@ -259,9 +274,12 @@ Devices that run Android Enterprise might require a PIN before SCEP can provisio
259274

260275
- **Hash algorithm**:
261276

262-
*(Applies to Android, Android enterprise, Windows 8.1, and Windows 10/11)*
277+
*(Applies to Android, Android (AOSP), Android enterprise, Windows 8.1, and Windows 10/11)*
263278

264279
Select one of the available hash algorithm types to use with this certificate. Select the strongest level of security that the connecting devices support.
280+
281+
NOTE: Android AOSP and Android Enterprise devices will select the strongest algorithm supported - SHA-1 will be ignored, and SHA-2 will be used instead.
282+
265283

266284
- **Root Certificate**:
267285

0 commit comments

Comments
 (0)