Profiles that use certificate based authentication should not be installed until the certificate is installed
For configuration profiles that use certificate based authentication they should not be installed until the associated certificate is installed.
We use certificate based authentication for e-mail using ActiveSync. This uses two different profiles; one is a profile with the e-mail configuration the other is a profile with the user certificate. The e-mail profile typically installs before the certificate profile, Once the e-mail profile is installed it prompts the user to enter their password. If they enter their password it uses their password instead of certificate based authentication.
If we configure our e-mail profile to use certificate based authentication we need Intune to wait until the associated certificate is installed before Intune installs the e-mail profile.
Kevin Icard commented
Shouldn't this issue be categorized under the category: Certs, Email , VPN, Wi-Fi
Todd Moore commented
This is unbelievable that Microsoft thinks this is acceptable. Stop saying you can configure the device to use certificate based authentication unless you push both the certificate with the e-mail configuration. If you push out the e-mail configuration with out the certificate and just hope it gets there later just does not work. If you can't push them put together then remove support for configuring e-mail profiles with certificates. Just admit you can't do it. Just admit Intune is not ready for prime time. It is not a usable product. Just admit Microsoft does not want to put the effort to putting together a quality product.
George Hinkes commented
This is a huge issue for us. Please resolve as soon as possible.