All posts in category MEMCM

Arizona Systems Management User Group March 2025

I’m excited to announce that I’ll be speaking at the Arizona Systems Management User Group (AZSMUG) at their next user group meeting on Friday, March 7, at 9:00 AM MST. I am presenting on the topic of Certificate Deployment Strategies with Microsoft Intune.

Intune and Certificates

My session at AZSMUG will provide an overview of issuing and managing certificates with Microsoft Intune. We’ll begin by examining common scenarios for certificate authentication and explore various delivery methods, including PKCS and SCEP. Additionally, we’ll discuss supporting technologies such as the Network Device Enrollment Service (NDES) and review deployment strategies and high availability options for the Intune Certificate Connector. The session will also cover Cloud PKI for Intune, integration with on-premises Active Directory, and best practices for securing certificate lifecycles and key management in enterprise environments.

Register Now

If you are in the Phoenix area and would like to attend the user group meeting on Friday, March 7, you will find the registration link here. Hope to see you there!

Additional Information

Arizona Systems Management User Group

Intune and Certificates Masterclass

Leave a comment
by Richard M. Hicks on February 14, 2025  •  Permalink
Posted in Active Directory, Active Directory Certificate Services, AD CS, ADCS, administration, authentication, Certificate Authentication, Certificate Authority, Certificate Connector for Intune, Certificate Services, Certificate-Based Authentication, certificates, cloud, Cloud PKI, Entra, Entra Certificate-Based Authentication, Event, InTune, Intune Certificate Connector, Intune PFX Connector, learning, MDM, MEM, MEMCM, Microsoft, Microsoft Endpoint Manager, Microsoft Entra, Microsoft Entra ID, Microsoft Intune, Mobile Device Management, Mobility, NDES, Network Device Enrollment Service, Network Device Enrollment Services, network policy server, NPS, PFX Connector, PKCS, PKI, public key infrastructure, SCCM, SCEP, Security, Simple Certificate Enrollment Protocol, System Center Configuration Manager, systems management, Windows 10, Windows 11
Tagged , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on February 14, 2025

https://directaccess.richardhicks.com/2025/02/14/arizona-systems-management-user-group-march-2025/

Always On VPN DPC Open Source

Recently, I wrote about the demise of PowerON Platforms, the company behind the popular Always On VPN Dynamic Profile Configurator (DPC) software that allows administrators to deploy and manage Always On VPN client configuration settings using Active Directory Group Policy or Microsoft Intune with custom ADMX/ADML. Initially, the future of DPC was uncertain. However, I’m happy to announce that DPC will continue to be developed.

We’re on Discord! Join the conversation: https://discord.aovpndpc.com/.

DPC Open Source

The lead developer of DPC and my good friend Leo D’Arcy retained the source code for the product and has been working diligently to decommercialize the software. That work has been completed, and Always On VPN DPC is now available via open source. You can find the source code for DPC on GitHub here.

DPC Features

This initial open-source release (version 5.0.0) contains no significant new features or functionality. Most of the development efforts focused on removing references to PowerON Platforms (registry paths, binary names, etc.).

Support

Today, DPC support is community-based. You can report issues on the GitHub issues page for DPC. In addition, you can ask questions about DPC on Discord in the Microsoft Remote Access UG. Leo and I will monitor the group closely and answer any questions you might have there.

Deployment

If you’re not a DPC user today, I encourage you to have a look at its impressive feature set. Not only does DPC make Always On VPN deployment and management easier, but it also includes many advanced capabilities that will make connections more stable and reliable. Here are some links to articles outlining some of those advanced features.

Migration

If you already have a previous commercial release of Always On VPN DPC deployed, migrating to the new open-source DPC is straightforward. You will find guidance for migrating your existing DPC configuration here.

Contribute

Now that DPC is open source, we encourage everyone to contribute. If you have development skills, feel free to help. If you have feedback or feature requests, don’t hesitate to submit them!

Learn More

Are you interested in learning more about Always On VPN DPC? Would you like a personal demonstration of DPC’s features and capabilities? Do you need help migrating from a previous release to the new open-source software? Fill out the form below and I’ll contact you with more information.

Additional Information

Always On VPN DPC Open Source on GitHub

PowerON Platforms Are No More

6 Comments
by Richard M. Hicks on December 2, 2024  •  Permalink
Posted in Active Directory, administration, Always On VPN, Always On VPN DPC, AOVPN, AovpnDPC, Deployment, Device Management, device tunnel, DPC, Dynamic Profile Configurator, Endpoint Manager, Enterprise, enterprise mobility, GitHub, Group Policy, InTune, MDM, MEM, MEMCM, Microsoft, Microsoft Endpoint Manager, Microsoft Intune, Mobile Device Management, Mobility, Open Source, Operational Support, Remote Access, user tunnel, Windows 10, Windows 11
Tagged , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on December 2, 2024

https://directaccess.richardhicks.com/2024/12/02/always-on-vpn-dpc-open-source/

Microsoft Cloud PKI for Intune SCEP URL

Earlier this year, Microsoft announced Cloud PKI for Intune, a cloud service for issuing and managing digital certificates for Intune-managed endpoints. With Cloud PKI for Intune, administrators no longer need to deploy on-premises infrastructure to use certificates for user and device-based authentication for workloads such as Wi-Fi and VPN. Cloud PKI for Intune can be used standalone (cloud native) or integrated with an existing on-premises Active Directory Certificate Services (AD CS) enterprise PKI to extend an existing on-premises certificate services infrastructure.

Provisioning

Cloud PKI for Intune utilizes Simple Certificate Enrollment Protocol (SCEP) to enroll certificates for users and devices. To deploy Intune Cloud PKI certificates, administrators must create and deploy a SCEP Certificate device configuration policy in Intune.

SCEP URL

When creating the SCEP certificate device configuration policy in Intune, administrators are asked to supply the SCEP server URL. Administrators will find this information by opening the Intune management console, navigating to Tenant Administration > Cloud PKI, clicking on the issuing certification authority, and then clicking Properties.

Administrators may notice the URL is unreachable if they try to connect to it using their web browser or PowerShell. Specifically, the FQDN is not shown in the URI; instead, it is represented as the variable {{CloudPKIFQDN}}, as highlighted above.

Policy Configuration

You can safely ignore this as it is not an error or misconfiguration. Simply copy and paste the entire URL into your SCEP certificate device configuration profile as is. Intune in the background will convert this to a fully formed URL with a proper FQDN accessible from the public Internet. This variable is used because it allows Microsoft to use different resources dynamically according to geography and availability.

Additional Information

RFC 8894 – Simple Certificate Enrollment Protocol

Microsoft Cloud PKI for Intune

Microsoft Cloud PKI for Intune and Active Directory

Microsoft Cloud PKI for Intune and Certificate Templates

2 Comments
by Richard M. Hicks on June 25, 2024  •  Permalink
Posted in Active Directory, Active Directory Certificate Services, AD CS, ADCS, administration, authentication, Azure Active Directory, Azure AD, Azure AD Join, Certificate Authentication, Certificate Authority, Certificate Connector for Intune, Certificate Services, certificates, cloud, Cloud PKI, Cloud Service, Cryptography, Enterprise, enterprise mobility, Entra, Entra ID, Infrastructure, InTune, MDM, MEM, MEMCM, Microsoft, Microsoft Endpoint Manager, Microsoft Entra, Microsoft Entra ID, Microsoft Intune, Mobile Device Management, Mobility, PKI, public cloud, public key infrastructure, SCEP, Security, Simple Certificate Enrollment Protocol, systems management, VPN, Windows 10, Windows 11
Tagged , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on June 25, 2024

https://directaccess.richardhicks.com/2024/06/25/microsoft-cloud-pki-for-intune-scep-url/

« Older Posts