smallstep / certificates

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
https://smallstep.com/certificates
Apache License 2.0

Intune CSR Validation for SCEP #608

Open beejaygee opened 3 years ago

beejaygee commented 3 years ago

What would you like to be added

Intune CSR Validation for SCEP.

Why this is needed

This allows Intune to use SCEP for certificate deployment. This allows devices in Intune to automatically obtain a certificate for verification for 802.1x WPA Enterprise and to validate that request with Intune. This is so that enterprise MDM devices such as iPhones, Android devices, and Azure AD joined devices can enroll for certificates over the internet in a secure manner.

Now that SCEP support has been added, it shouldn't be much more difficult to add Intune CSR validation. There are a few resources that Microsoft provides on the topic:

https://github.com/Microsoft/Intune-Resource-Access/tree/develop/src/CsrValidation
https://docs.microsoft.com/en-us/mem/intune/protect/scep-libraries-apis

dopey commented 3 years ago

Hey, we're interested in Intune CSR validation but we don't have the bandwidth to research and plan this at the moment. More generally, we are interested in MDM, but similarly don't have the bandwidth to act on the interest right now.

For the time being I've put this issue on our roadmap so that when we discuss new projects we will address it.

arjunasokan-bc commented 2 years ago

Adding my +1 to this, would love to ditch Microsoft for this.

nwmcsween commented 1 year ago

Financially, Intune support would make a lot of sense for smallstep as the company I currently work for would pay for support contracts if implemented and supported.

ccben87 commented 1 year ago

PacketFence already has code written in Go to do this: https://github.com/inverse-inc/packetfence/blob/devel/go/caddy/pfpki/cloud/intune.go

Now that SCEP has been implemented, it shouldn't be too much effort to implement this. I'm tempted to have a shot at it myself but I don't know Go and I'd be learning from scratch but don't know if I have the time.

trs80 commented 1 year ago

Per the Discord, this is apparently supported in the commercial version of smallstep.