For sample guidance, see the following section.ĭeploy to the device, a trusted root certificate profile that references the trusted root certificate that you’ve installed on the device.ĭeploy a SCEP certificate profile to the device that references the trusted root certificate profile. Manually provision the device with the trusted root certificate. This limitation doesn't apply to Samsung Knox.īecause SCEP certificate profiles require both the trusted root certificate be installed on a device, and must reference a trusted certificate profile that in turn references that certificate, use the following steps to work around this limitation: For more information, read Ending support for Android device administrator on GMS devices.īeginning with Android 11, you can no longer use a trusted certificate profile to deploy a trusted root certificate to devices that are enrolled as Android device administrator. If you currently use device administrator management, we recommend switching to another Android management option in Intune before support ends. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable. Microsoft Intune is ending support for Android device administrator management on devices with access to Google Mobile Services (GMS) on August 30, 2024. When a device doesn't trust the root CA, the SCEP or PKCS certificate profile policy will fail.Ĭreate a separate trusted certificate profile for each device platform you want to support, just as you'll do for SCEP, PKCS, and PKCS imported certificate profiles. Deploying a trusted certificate profile to devices ensures this trust is established. PKCS imported certificate profiles don't directly reference the trusted certificate profile but can use it on the device. PKCS certificate profiles don't directly reference the trusted certificate profile but do directly reference the server that hosts your CA. SCEP certificate profiles directly reference a trusted certificate profile. This includes profiles like those for VPN, Wi-Fi, and email. Deploying a trusted certificate profile to the same groups that receive the other certificate profile types ensures that each device can recognize the legitimacy of your CA. Create trusted certificate profilesĬreate and deploy a trusted certificate profile before you create a SCEP, PKCS, or PKCS imported certificate profile. cer file when you create trusted certificate profiles to deploy that certificate to your devices. You'll need to export the public certificate as a DER-encoded. To export the certificate, refer to the documentation for your Certification Authority. You can get these certificates from the issuing CA, or from any device that trusts your issuing CA. To establish trust, export the Trusted Root CA certificate, and any intermediate or issuing Certification Authority certificates, as a public certificate (.cer). To use PKCS, SCEP, and PKCS imported certificates, devices must trust your root Certification Authority. Trusted certificate profiles are supported for Windows Enterprise multi-session remote desktops.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |