Free Entra Certificate-Based Authentication Training Course

I’m pleased to announce I’ll present a FREE online training course on Microsoft Entra Certificate-Based Authentication (CBA). The course will be delivered through the ViaMonstra Online Academy on Wednesday, November 6, beginning at 10:00 AM CST. Once again, this training course is entirely FREE, so don’t hesitate to register now! If you can’t attend the live session, you can always view the presentation recording later.

Course Highlights

Join me for this 90-minute live, online training session where you will learn:

  • How certificate-based authentication offers more robust protection than passwords alone and mitigates phishing and MFA bypass risks
  • How Entra CBA enables a seamless, passwordless user experience while maintaining high security and assurance
  • How Entra CBA eliminates the need for physical authentication devices such as FIDO keys or security tokens, reducing costs and complexity
  • How to configure and manage affinity binding and authentication strength policies for Entra CBA

When you attend the live event, you’ll have the opportunity to ask questions directly during the presentation, so be sure to register today and join us for this free training session!

Additional Information

Mini-Course – Microsoft Entra Certificate-Based Authentication

Cloud PKI for Microsoft Intune on RunAs Radio

Recently, I joined my good friend Richard Campbell on his popular RunAs Radio podcast. In this episode, we discussed Microsoft’s new Cloud PKI for Intune service. Cloud PKI for Intune is a PKI-as-a-service solution that allows organizations to issue and manage digital certificates without deploying on-premises infrastructure. Optionally, Cloud PKI for Intune supports integration with an existing on-premises PKI. Cloud PKI for Intune isn’t without a few drawbacks, though. We discuss all the benefits and limitations during this podcast, so be sure to listen!

Additional Information

Cloud PKI for Microsoft Intune on RunAs Radio Episode 943

Overview of Cloud PKI for Microsoft Intune

Cloud PKI for Microsoft Intune and Active Directory

Cloud PKI for Microsoft Intune SCEP URL

Cloud PKI for Microsoft Intune and Certificate Templates

Microsoft Cloud PKI for Intune SCEP URL

Earlier this year, Microsoft announced Cloud PKI for Intune, a cloud service for issuing and managing digital certificates for Intune-managed endpoints. With Cloud PKI for Intune, administrators no longer need to deploy on-premises infrastructure to use certificates for user and device-based authentication for workloads such as Wi-Fi and VPN. Cloud PKI for Intune can be used standalone (cloud native) or integrated with an existing on-premises Active Directory Certificate Services (AD CS) enterprise PKI to extend an existing on-premises certificate services infrastructure.

Provisioning

Cloud PKI for Intune utilizes Simple Certificate Enrollment Protocol (SCEP) to enroll certificates for users and devices. To deploy Intune Cloud PKI certificates, administrators must create and deploy a SCEP Certificate device configuration policy in Intune.

SCEP URL

When creating the SCEP certificate device configuration policy in Intune, administrators are asked to supply the SCEP server URL. Administrators will find this information by opening the Intune management console, navigating to Tenant Administration > Cloud PKI, clicking on the issuing certification authority, and then clicking Properties.

Administrators may notice the URL is unreachable if they try to connect to it using their web browser or PowerShell. This is because the FQDN is not shown in the URI; instead, it is represented by the variable {{CloudPKIFQDN}}.

Policy Configuration

You can safely ignore this, as it is not an error or misconfiguration. Simply copy and paste the entire URL, including the {{CloudPKIFQDN}} variable, into your SCEP certificate device configuration profile as is. In the background, Intune converts it to a fully formed URL with a proper FQDN accessible from the public Internet. Microsoft uses this variable because it allows different resources to be used dynamically according to geography and availability.

Additional Information

RFC 8894 – Simple Certificate Enrollment Protocol

Microsoft Cloud PKI for Intune

Microsoft Cloud PKI for Intune and Active Directory

Microsoft Cloud PKI for Intune and Certificate Templates