Made a number of changes to the doc page related to AOSP, and a recent discovery that SHA-1 hash algorithm option is ignored on AE, and AOSP - SHA-2 is used instead.
File: memdocs/intune/protect/certificates-profile-scep.md
Lines changed: 29 additions & 7 deletions
@@ -57,11 +57,30 @@ Devices that run Android Enterprise might require a PIN before SCEP can provisio
57
57
58
58
SCEP certificate profiles for the *Fully Managed, Dedicated, and Corporate-Owned Work Profile* profile have the following limitations:
59
59
60
-
1. Under Monitoring, certificate reporting isn't available for Device Owner SCEP certificate profiles.
61
-
62
-
2. You can't use Intune to revoke certificates that were provisioned by SCEP certificate profiles for Device Owners. You can manage revocation through an external process or directly with the certification authority.
63
-
64
-
3. For Android Enterprise dedicated devices, SCEP certificate profiles are supported for Wi-Fi network configuration, VPN, and authentication. SCEP certificate profiles on Android Enterprise dedicated devices aren't supported for app authentication.
60
+
a. Under Monitoring, certificate reporting isn't available for **Device Owner** SCEP certificate profiles.
61
+
62
+
b. You can't use Intune to revoke certificates that were provisioned by SCEP certificate profiles for **Device Owner**. You can manage revocation through an external process or directly with the certification authority.
63
+
64
+
c. For Android Enterprise dedicated devices, SCEP certificate profiles are supported for Wi-Fi network configuration, VPN, and authentication. SCEP certificate profiles on Android Enterprise dedicated devices aren't supported for app authentication.
65
+
66
+
For **Android (AOSP)**, the following limitations apply:
67
+
a. Under Monitoring, certificate reporting isn't available for **Device Owner** SCEP certificate profiles.
68
+
b. You can't use Intune to revoke certificates that were provisioned by SCEP certificate profiles for **Device Owners**. You can manage revocation through an
69
+
external process or directly with the certification authority.
70
+
c. SCEP certificate profiles are supported for Wi-Fi network configuration. VPN configuration profile support is not available. A future update may include
71
+
support for VPN configuration profiles.
72
+
d. The following 3 variables are not available for use on Android (AOSP) SCEP certificate profiles. Support for these variables will come in a future update.
73
+
· onPremisesSamAccountName
74
+
· OnPrem_Distinguished_Name
75
+
· Department
76
+
77
+
NOTE: **Device Owner** is equivalent to Corporate Owned devices. The following are considered as Device Owner:
78
+
• Android Enterprise - Fully Managed, Dedicated, and Corporate-Owned Work Profile
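Review bot: The added lists use markers that Markdown does not treat as list syntax: the items are relabelled from "1." / "2." / "3." to "a." / "b." / "c.", and the variable list and the Device Owner list use literal "·" and "•" characters, so these lines are likely to render as run-on paragraph text rather than as lists. Suggest keeping numbered items and using "-" for the nested bullets. In the AOSP list, items b and c are also hard-wrapped mid-sentence ("through an" / "external process", "may include" / "support for VPN"), which splits one sentence across two source lines; join them. Item b is written "**Device Owner**" in the Android Enterprise list and "**Device Owners**" in the AOSP list; pick one form. Finally, the NOTE defines Device Owner only after both lists have already used the term, and the visible bullet names only Android Enterprise; if the AOSP limitations also rely on this definition, the note should say so and sit before the first list.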
@@ -75,7 +94,7 @@ Devices that run Android Enterprise might require a PIN before SCEP can provisio
75
94
76
95
-**Certificate type**:
77
96
78
-
*(Applies to: Android, Android Enterprise, iOS/iPadOS, macOS, Windows 8.1, and Windows 10/11)*
97
+
*(Applies to: Android, Android Enterprise, Android (AOSP), iOS/iPadOS, macOS, Windows 8.1, and Windows 10/11)*
79
98
80
99
Select a type depending on how you'll use the certificate profile:
81
100
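Review bot: On the added "Applies to" line, "Android (AOSP)" is placed after "Android Enterprise", while the Hash algorithm "Applies to" line later in this patch puts it before "Android enterprise". Suggest using the same platform order and the same capitalization on both lines so the two settings read consistently.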
@@ -259,9 +278,12 @@ Devices that run Android Enterprise might require a PIN before SCEP can provisio
259
278
260
279
-**Hash algorithm**:
261
280
262
-
*(Applies to Android, Android enterprise, Windows 8.1, and Windows 10/11)*
281
+
*(Applies to Android, Android (AOSP), Android enterprise, Windows 8.1, and Windows 10/11)*
263
282
264
283
Select one of the available hash algorithm types to use with this certificate. Select the strongest level of security that the connecting devices support.
284
+
285
+
NOTE: Android AOSP and Android Enterprise devices will select the strongest algorithm supported - SHA-1 will be ignored, and SHA-2 will be used instead.
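Review bot: The added NOTE contradicts the unchanged sentence directly above it, which still tells the reader to "Select one of the available hash algorithm types", while on Android (AOSP) and Android Enterprise a SHA-1 selection is ignored. Suggest stating outright that on these two platforms the profile setting does not control the algorithm that the device uses, so an administrator reviewing a profile does not assume the configured value is what was applied. The wording "the strongest algorithm supported" followed by "SHA-2 will be used instead" is also ambiguous, since SHA-2 is a family; say which is meant, or drop the "strongest" clause. Minor: the NOTE writes "Android AOSP" where the "Applies to" line in the same hunk writes "Android (AOSP)", and that line has "Android enterprise" in lowercase.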