User Client Certificates
Create a profile for Windows 8.1 and later with the type SCEP certificate in Microsoft Intune
Certificate type: User
Subject Name format : CN = {{UserName}}, E={{EmailAddress}}
Subject alternative name: User principal name (UPN), '{{UserPrincipalName}}'
Certificate Validity Period: 1 year
KSP: Enroll to Trusted Platform Module (TPM) KSP, otherwise fail
Key usage: Digital signature and Key encipherment
Key size: 2048
Hash algorithm: SHA-2
Root certificate: Profile created from before
Extended key use: Client Authentication.
SCEP Server URL: Enter your SCEP Server URL. (This can be found on your respective CA's Dashboard)
