
User Client Certificates

  1. Create a profile for Windows 8.1 and later with the type SCEP certificate in Microsoft Intune

  2. Certificate type: User

  3. Subject name format: CN = {{UserName}}, E={{EmailAddress}}

  4. Subject alternative name: User principal name (UPN), '{{UserPrincipalName}}'

  5. Certificate Validity Period: 1 year

  6. KSP: Enroll to Trusted Platform Module (TPM) KSP, otherwise fail

  7. Key usage: Digital signature and Key encipherment

  8. Key size: 2048

  9. Hash algorithm: SHA-2

  10. Root certificate: The profile created earlier

  11. Extended key usage: Client Authentication

  12. SCEP Server URL: Enter your SCEP server URL. (You can find it on your CA's dashboard.)
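
Once the profile has been deployed, the issued certificate can be checked against the settings above. The following read-only PowerShell audit is an added example, not part of the original guide or of Intune itself. It assumes it is run as the enrolled user on the Windows device, that the key is RSA, and that the SAN extension is rendered in English.

```powershell
# Added example: audit client-auth certificates in the signed-in user's store
# against the SCEP profile settings listed above. Read-only.
$x509 = 'System.Security.Cryptography.X509Certificates'
$ext  = [type]"$x509.RSACertificateExtensions"
$want = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, KeyEncipherment'

$clientAuthOid = '1.3.6.1.5.5.7.3.2'                  # Client Authentication EKU
$sanOid        = '2.5.29.17'                          # Subject Alternative Name
$tpmKsp        = 'Microsoft Platform Crypto Provider' # TPM-backed KSP
# sha256/384/512 with RSA signature algorithm OIDs (the SHA-2 family)
$sha2RsaOids   = '1.2.840.113549.1.1.11', '1.2.840.113549.1.1.12', '1.2.840.113549.1.1.13'

Get-ChildItem Cert:\CurrentUser\My |
  Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid } |
  ForEach-Object {
    $cert = $_
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $ku   = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }

    # Legacy CSP keys have no CNG provider and a missing private key yields
    # $null; both cases are reported as "not in TPM".
    $provider = try { $ext::GetRSAPrivateKey($cert).Key.Provider.Provider } catch { $null }
    $pub      = try { $ext::GetRSAPublicKey($cert) } catch { $null }

    [pscustomobject]@{
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint
        KeyInTpm     = ($provider -eq $tpmKsp)                    # setting 6
        KeyUsageOk   = [bool]($ku -and $ku.KeyUsages.HasFlag($want)) # setting 7
        KeySizeOk    = [bool]($pub -and $pub.KeySize -eq 2048)    # setting 8
        # Assumption: English-locale rendering of the UPN otherName entry.
        UpnInSan     = [bool]($san -and $san.Format($false) -match 'Principal Name=')
        # Signature algorithm of the issued certificate, as chosen by the CA.
        Sha2Signed   = ($sha2RsaOids -contains $cert.SignatureAlgorithm.Value)
        ValidityDays = [int](($cert.NotAfter - $cert.NotBefore).TotalDays)
    }
  } | Format-List
```

A `KeyInTpm` value of `False` means the private key is held by a software or legacy provider, which the "otherwise fail" option in setting 6 is meant to prevent.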