memdocs/intune/protect/certificates-pfx-configure.md
6 additions & 6 deletions
@@ -1,11 +1,11 @@
1
1
---
2
-
title: Use private and public key certificates in Microsoft Intune
2
+
title: Use a PKCS certificate profile to provision devices with certificates in Microsoft Intune
3
3
description: Use Public Key Cryptography Standards (PKCS) certificates with Microsoft Intune, work with root certificates and certificate templates, and use device configuration profiles for a PKCS Certificate.
4
4
keywords:
5
5
author: brenduns
6
6
ms.author: brenduns
7
7
manager: dougeby
8
-
ms.date: 02/28/2022
8
+
ms.date: 05/03/2022
9
9
ms.topic: how-to
10
10
ms.service: microsoft-intune
11
11
ms.subservice: protect
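Review bot: The new `title:` on added line 2 narrows the page to "Use a PKCS certificate profile to provision devices", but the H1 kept as context in the next hunk still reads "Configure and use PKCS certificates with Intune" and the `description:` is unchanged. If the retitle is meant to reposition the article, update the H1 and description in the same commit so search results and the rendered page agree; otherwise say in the commit message that the divergence is intended.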
@@ -28,7 +28,7 @@ ms.collection:
28
28
---
29
29
# Configure and use PKCS certificates with Intune
30
30
31
-
Microsoft Intune supports the use of private and public key pair (PKCS) certificates. To help you use PKCS certificates, this article reviews what's required, and can help you export a PKCS certificate, and then add the certificate to an Intune device configuration profile.
31
+
Microsoft Intune supports the use of private and public key pair (PKCS) certificates. This article reviews what's required to use PKCS certificates with Intune, including the export of a PKCS certificatethen adding it to an Intune device configuration profile.
32
32
33
33
Microsoft Intune includes built-in settings to use PKCS certificates for access and authentication to your organizations resources. Certificates authenticate and secure access to your corporate resources like a VPN or a WiFi network. You deploy these settings to devices using device configuration profiles in Intune.
34
34
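Review bot: The added line 31 contains a run-together word, "certificatethen", and the phrase "including the export of a PKCS certificatethen adding it" mixes a noun phrase with a gerund. Suggest "including exporting a PKCS certificate and then adding it to an Intune device configuration profile." Since this sentence is being rewritten anyway, the gloss "private and public key pair (PKCS)" could also be aligned with the front matter's expansion, "Public Key Cryptography Standards (PKCS)", so the acronym is defined one way on the page.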
@@ -195,7 +195,7 @@ Before you begin, [review requirements for the connector](certificate-connectors
195
195
196
196
8. Select **Next**.
197
197
198
-
9. In **Assignments**, select the user or device group(s) that will be assigned the profile. For more granularity see [Create filters in Microsoft Intune](https://go.microsoft.com/fwlink/?linkid=2150376) and apply them by selecting *Edit filter*. Plan to deploy this certificate profile to the same groups that receive the PKCS certificate profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md).
198
+
9. In **Assignments**, select the user or device group(s) that will be assigned the profile. For more granularity, see [Create filters in Microsoft Intune](https://go.microsoft.com/fwlink/?linkid=2150376) and apply them by selecting *Edit filter*. Plan to deploy this certificate profile to the same groups that receive the PKCS certificate profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md).
199
199
200
200
Select **Next**.
201
201
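Review bot: Style point on the changed step 9: the comma fix is fine, but the same line links to the filters article through an absolute `https://go.microsoft.com/fwlink/?linkid=2150376` redirect while the link at the end of the line uses a relative path (`../configuration/device-profile-assign.md`). If the filters article lives in this repository, a relative link would be consistent with the rest of the line and would be caught by link validation if the target moves.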
@@ -243,7 +243,7 @@ Before you begin, [review requirements for the connector](certificate-connectors
243
243
|Setting | Platform | Details |
244
244
|------------|------------|------------|
245
245
|**Renewal threshold (%)**|<ul><li>All |Recommended is 20% |
246
-
|**Certificate validity period**|<ul><li>All |If you didn't change the certificate template, this option may be set to one year. <br><br> Use a validity period of five days or up to 24 months. When the validity period is less than five days, there is a high likelihood of the certificate entering a near-expiry or expired state, which can cause the MDM agent on devices to reject the certificate before it’s installed. |
246
+
|**Certificate validity period**|<ul><li>All |If you didn't change the certificate template, this option may be set to one year. <br><br> Use a validity period of five days or up to 24 months. When the validity period is less than five days, there's a high likelihood of the certificate entering a near-expiry or expired state, which can cause the MDM agent on devices to reject the certificate before it’s installed. |
247
247
|**Key storage provider (KSP)**|<ul><li>Windows 10/11 |For Windows, select where to store the keys on the device. |
248
248
|**Certification authority**|<ul><li>All |Displays the internal fully qualified domain name (FQDN) of your Enterprise CA. |
249
249
|**Certification authority name**|<ul><li>All |Lists the name of your Enterprise CA, such as "Contoso Certification Authority". |
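Review bot: On the changed **Certificate validity period** row, "Use a validity period of five days or up to 24 months" still reads as two alternatives rather than a range; since the row is being edited, consider "Use a validity period from five days up to 24 months." The line also now mixes a straight apostrophe in the new "there's" with the typographic one in "it’s" later in the same cell; pick one form for the whole row.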
@@ -319,7 +319,7 @@ Platforms:
319
319
320
320
That example includes a subject name format that uses the CN and E variables, and strings for Organizational Unit, Organization, Location, State, and Country values. [CertStrToName function](/windows/win32/api/wincrypt/nf-wincrypt-certstrtonamea) describes this function, and its supported strings.
321
321
322
-
User attributes are not supported for devices that don’t have user associations, such as devices that are enrolled as Android Enterprise dedicated. For example, a profile that uses *CN={{UserPrincipalName}}* in the subject or SAN won’t be able to get the user principal name when there is no user on the device.
322
+
User attributes aren't supported for devices that don’t have user associations, such as devices that are enrolled as Android Enterprise dedicated. For example, a profile that uses *CN={{UserPrincipalName}}* in the subject or SAN can't get the user principal name when there isn't a user on the device.
323
323
324
324
-**Device certificate type**
325
325
Format options for the Subject name format include the following variables:
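Review bot: The reworded sentence on added line 322 says a profile using *CN={{UserPrincipalName}}* "can't get the user principal name" on a userless device, but it does not say what the administrator will observe as a result (for example, whether the profile fails to apply or a certificate is requested without that value). Stating the outcome would make the limitation actionable. The line also mixes straight apostrophes ("aren't", "can't", "isn't") with the typographic one left in "don’t"; normalize them in the same edit.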