All posts in category systems management

Always On VPN DPC 5.2.0 Now Available

I’m pleased to announce that Always On VPN Dynamic Profile Configurator (DPC) version 5.2.0 is now available. My good friend Leo D’Arcy has been hard at work for the last few months squashing some bugs and adding a few new features to DPC. If you are running a previous release of Always On VPN DPC, either open source or commercial, it’s time to upgrade.

Important!! DPC 5.2.0 has a bug that prevents the service from stopping. This has been addressed in DPC 5.2.1. Guidance for upgrading from DPC 5.2.0 to 5.2.1 can be found here.

Reminder: We’re on Discord. Join the conversation today!

What’s New in DPC 5.2.0

Always On VPN DPC 5.2.0 has some compelling new features.

  • Exclude Routes from DNS – DPC has a feature that allows administrators to add routes to the routing table using DNS. When this setting is enabled, DPC will attempt to resolve the specified hostname to an IP address and add it to the VPN’s routing table when creating the profile. With 5.2.0, this capability has been extended to exclusion routes, allowing administrators to exclude resources by host name.
  • Write Event Logs to Disk – This setting allows administrators to optionally write DPC event information to a text file in addition to logging them in the event log. Writing event log information to a text file on disk can make troubleshooting easier in some scenarios.
  • Delay Profile Updates – This new feature ensures reliable VPN profile creation after group policy updates take place.

Bug Fixes

In addition to new capabilities, Always On VPN DPC 5.2.0 includes fixes for many outstanding issues.

  • DPC name resolution issue where duplicate IP addresses are returned, resulting in failed route additions when using ‘Allow Routes from DNS’.
  • Missing events in the DPC operational event log.
  • Enabling ‘Disable Disconnect Button’ or ‘Disable Advanced Edit Button’ settings results in a profile mismatch warning.
  • Added resiliency to DPC name resolution when one or more name resolution requests fail.

Group Policy Template

As a reminder, any time there are new features in DPC, there will be corresponding changes to Group Policy administrative template and template language files. Be sure to update your ADMX and ADML files in the group policy central store to take advantage of these new capabilities in DPC 5.2.0.

Recommendation

If you are running any release of Always On VPN DPC, commercial or open source, consider upgrading now to gain access to new features and operational reliability improvements. You can find DPC v5.2.0 on GitHub here.

Additional Information

Always On VPN DPC v5.2.0 Available Now

Always On VPN Dynamic Profile Configurator (DPC)

Always On VPN DPC Now Open Source

Migrating from Always On VPN DPC Commercial to Open Source

Always On VPN DPC with Microsoft Intune

Microsoft Always On VPN on Discord

Always On VPN DPC

Leave a comment
by Richard M. Hicks on August 12, 2025  •  Permalink
Posted in administration, Always On VPN, AOVPN, AovpnDPC, Device Management, device tunnel, Discord, DNS, DPC, Dynamic Profile Configurator, Enterprise, enterprise mobility, Group Policy, Microsoft, Mobility, Name Resolution, Open Source, Operational Support, ProfileXML, Remote Access, systems management, troubleshooting, Update, user tunnel, VPN, Windows 10, Windows 11
Tagged , , , , , , , , , , ,

Posted by Richard M. Hicks on August 12, 2025

https://directaccess.richardhicks.com/2025/08/12/always-on-vpn-dpc-5-2-0-now-available/

Intune SCEP Profile Changes for Public S/MIME Certificates

Recently, the CA/Browser Forum, which is a voluntary consortium made up of public CAs, browser vendors, and other industry stakeholders, introduced new requirements for S/MIME certificates issued by public certification authorities (CAs). For organizations using Microsoft Intune SCEP device configuration profiles to enroll for these certificates, administrators must update Intune settings to ensure uninterrupted enrollment once the changes take effect.

Subject Name Changes

Beginning July 16, 2025, all public CAs will enforce these new S/MIME Baseline Requirements, mandating “Given Name” and “Surname” attributes in the Subject Name field of S/MIME certificates. By default, Intune user certificate profiles include only the “UserName” attribute in the Subject Name field.

Intune Support

Intune recently completed the rollout of these new attributes in SCEP profiles. Administrators can now update their SCEP profiles for third-party public CAs to include these new attributes for S/MIME certificates using the following supported variables.

G={{GivenName}}
SN={{SurName}}

To align with current public CA standards, include these two fields along with any other information required in the Subject name format field. Multiple values must be separated by commas without spaces, as shown in the example below.

Private CAs

Private CAs, like Active Directory Certificate Services (AD CS) or Intune Cloud PKI, are unaffected. If you are enrolling for S/MIME certificates using these services, no changes are required.

Reenrollment

It’s important to note that modifying an existing Intune SCEP profile will trigger certificate reissuance for all users and devices within the policy’s scope, which could yield unexpected results. When making changes to Intune certificate policies, it is best to create a new policy to supersede the old one, allowing administrators to pilot the new policy before its broad deployment.

Additional Information

CA/Browser Forum S/MIME Baseline Requirements

Mastering Certificates with Microsoft Intune Training August 2025

Strong Certificate Mapping for Intune PKCS and SCEP Certificates

The Case for Short-Lived Certificates in Enterprise Environments

Always On VPN SSTP and 47-Day TLS Certificates

Leave a comment
by Richard M. Hicks on July 10, 2025  •  Permalink
Posted in Active Directory Certificate Services, AD CS, ADCS, administration, Certificate Authority, Certificate Services, certificates, Cloud PKI, Compliance, Cryptography, Device Management, Encryption, Endpoint Manager, Enterprise, Intune, MDM, Microsoft, Microsoft Endpoint Manager, Microsoft Intune, Mobile Device Management, Operational Support, PKI, public cloud, public key infrastructure, SCEP, Simple Certificate Enrollment Protocol, systems management, Windows 10, Windows 11
Tagged , , , , , , , , , , , ,

Posted by Richard M. Hicks on July 10, 2025

https://directaccess.richardhicks.com/2025/07/10/intune-scep-profile-changes-for-public-smime-certificates/

Mastering Certificates with Microsoft Intune August 2025

I’m excited to announce that I will be delivering another edition of the Mastering Certificates with Microsoft Intune course, hosted by ViaMonstra Online Academy. This is a three-day live online training course that takes place August 26-28, 2025. This course dives deep into issuing and managing certificates using Microsoft Intune, covering both on-premises and cloud-based solutions.

Course Overview

This interactive training equips IT professionals with the skills to provision and manage enterprise PKI certificates using Microsoft Intune. It explores Active Directory Certificate Services (AD CS), Microsoft Cloud PKI for Intune, and non-Microsoft solutions, with live demonstrations featuring real-world scenarios.

Key Learning Objectives

Those taking the online training course will learn the following.

  • Certificate Basics: Understand certificate roles and enterprise use cases.
  • Deployment Options: Master Intune certificate deployment (Intune policies, revocation, security) and Microsoft Cloud PKI (licensing, benefits, limitations, BYOCA).
  • Intune Deployment: Learn PKCS and SCEP deployment, security best practices, and troubleshooting.
  • High Availability: Explore strategies for reliable certificate management.

Course Highlights

Here are some key highlights for attendees of the training.

  • Expert-Led: Learn from a veteran IT professional, a Microsoft MVP, with deep PKI and Intune expertise.
  • Interactive Demonstrations: The course includes numerous practical exercises in real-world scenarios.
  • Resources: Access to security best practices and sample scripts for automated configuration.
  • Community: Join a private Facebook group for peer collaboration.
  • Live Q&A: Engage directly with the instructor for a clearer understanding.

Who Should Attend?

This training event is ideal for IT administrators, security professionals, and systems engineers working with Intune, AD CS, or Microsoft Cloud PKI for Intune.

Prerequisites

Those attending the online training course should be familiar with the following.

  • Basic networking knowledge (TCP/IP, DNS).
  • Familiarity with Active Directory, Windows OS, and Intune.
  • Access to an AD CS setup and an Azure subscription with Intune Suite licenses.

Why It Matters

Certificates are vital for secure authentication and communication. This course bridges theory and practice, equipping you to deploy and manage digital certificates effectively in cloud-native environments.

Details

Here is some additional information about the training event.

  • When: August 26-28, 2025 (sessions begin at 9:00 AM CDT).
  • Where: Live online via ViaMonstra Online Academy.
  • Cost: $2,395.00 (Sold separately – not included in All-Access Pass).

Why ViaMonstra?

ViaMonstra delivers top-tier IT training from Microsoft MVPs, focusing on practical, up-to-date skills and fostering a collaborative community.

Take the Next Step

Ready to master certificate management with Microsoft Intune? Register at ViaMonstra Online Academy for the August 2025 Mastering Certificates with Microsoft Intune training course today!

1 Comment
by Richard M. Hicks on June 27, 2025  •  Permalink
Posted in Active Directory, Active Directory Certificate Services, AD CS, administration, authentication, Azure Active Directory, Azure AD, CBA, Certificate Authentication, Certificate Authority, Certificate Connector for Intune, Certificate Services, Certificate-Based Authentication, certificates, cloud, Cloud PKI, Cloud Service, Cryptography, Deployment, Device Management, education, Encryption, Endpoint Manager, Enterprise, enterprise mobility, Entra, Entra CBA, Entra Certificate-Based Authentication, Entra ID, Infrastructure, Intune, Intune Certificate Connector, Intune PFX Connector, learning, MDM, MEM, Microsoft, Microsoft Endpoint Manager, Microsoft Entra, Microsoft Entra ID, Microsoft Intune, Mobile Device Management, Mobility, NDES, Network Device Enrollment Service, Network Device Enrollment Services, Operational Support, PFX Connector, PKCS, PKI, public cloud, public key infrastructure, SCEP, Security, Simple Certificate Enrollment Protocol, systems management, Training, troubleshooting, Trusted Platform Module, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025
Tagged , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on June 27, 2025

https://directaccess.richardhicks.com/2025/06/27/mastering-certificates-with-microsoft-intune-august-2025/

« Older Posts
Newer Posts »