Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

How can we improve Microsoft Intune

← Ideas

Deploy unique computer certificates using Intune/SCEP/NDES

We want to deploy unique device certificates to our Windows 10 devices using Intune/SCEP/NDES. At the moment we can only deploy user certificates.

The story behind this idea is as follows:

We are using shared Windows 10 devices and a wireless environment that uses certificate authentication. Because of the shared devices and the possibility that the user never logged on to the device yet, we want the wireless profile to be connected before user logon. And that requires a unique computer certificate.

570 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    Ruud Gijsbers shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    15 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Forgot password?
      Create a password
      Signed in as (Sign out)
      Close
      Close
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Any update? This is holding up adoption anywhere where networks will only talk to trusted devices.

      • Sudarshan commented  ·   ·  Flag as inappropriate

        @Cathy Moya - can you confirm if this unique device cert can be deployed to Shared iOS device before deploying in kiosk mode(they will be DEP devices)

      • Jason Schuler commented  ·   ·  Flag as inappropriate

        I am currently running into a need for this. I have Windows 10 devices running the Intune Software client that have conflicts with my Computer certificate auto-enroll GPO. This is causing the software client to crash and do me no good. I’m being told to manage Windows 10 as mobile devices but will then lose the ability to deploy my WiFi profile using computer cert authentication. If it’s not one thing it’s another...

      • Andreas Norling commented  ·   ·  Flag as inappropriate

        I would very much like to be able to deploy computer/device certificates as well. As other people have mentioned, I would like the device to be able to connect to our wifi before any user has logged in to it.

      • Oliver Kieselbach commented  ·   ·  Flag as inappropriate

        indeed and in troubleshooting cases this is good also. Imagine a Win10 AAD joined device. now you get logon problems with the logon of the owner. to logon with a different user you need an internet connection (Wi-Fi) but you won't get one as it's bound to user cert at the moment. with a device cert this would be no problem!

      • Andre Potters commented  ·   ·  Flag as inappropriate

        We are using shared Windows 10 devices and a wireless environment that uses certificate authentication. Because of the shared devices and the possibility that the user never logged on to the device yet, we want the wireless profile to be connected before user logon. And that requires a unique computer certificate.

      • Ruud Gijsbers commented  ·   ·  Flag as inappropriate

        We want to deploy unique device certificates to our Windows 10 devices using Intune/SCEP/NDES. At the moment we can only deploy user certificates.

        The story behind this idea is as follows:

        We are using shared Windows 10 devices and a wireless environment that uses certificate authentication. Because of the shared devices and the possibility that the user never logged on to the device yet, we want the wireless profile to be connected before user logon. And that requires a unique computer certificate.

      Ideas: Mobile Device Management (general)

      Feedback and Knowledge Base

      (thinking…)