Microsoft InTune Support

IdExchange uses the Graph API and the InTune SCEP validation API to securely and automatically issue derived credentials directly from the InTune MDM. In this configuration, the derived credential is deployed to the device automatically through the InTune infrastructure, with no input required from the mobile device holder.

How it works

The user logs in with the PIV credential and registers their mobile device.

The security officer logs in and verifies the request. IdExchange then works with InTune and the mobile device to perform the certificate generation process.

Benefits

IdExchange works directly with the InTune MDM and certificate authority to streamline the certificate distribution process. With this approach, organizations can quickly implement derived credentials with InTune using an existing CA without requiring any changes to the CA or additional CA infrastructure components. 

  • Simple setup for the InTune CA. A separate NDES server is not required.
  • Automated device registration
  • Multi-person validation
  • Simple for the end user
  • Use different certificate authorities

InTune Technical Operations

In addition to the MDM infrastructure previously described, IdExchange uses the InTune SCEP validation API to verify that the device requesting the certificate has been approved for a derived credential.

Standardized SCEP Processing

IdExchange will process standard SCEP requests originating from the InTune MDM. By configuring InTune to use the IdExchange service, IdExchange is able to process the SCEP request, look up the user it belongs to, determine the certificate authority and certificate template to be used, validate the request, and return the certificate. 

SCEP Validation for Derived Credential Compliance

IdExchange uses InTune SCEP validation to verify that the device has been approved. When IdExchange receives a SCEP request, the request is validated with InTune and then validated with IdExchange to ensure the user has been approved for a derived credential. After both verifications have succeeded, the certificate is issued and IdExchange alerts InTune of the certificate generation action using the SCEP validation API.
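
The processing order described in the two sections above can be modelled as a fail-closed gate. This is an added example, not IdExchange code: the class and function names, the in-memory stand-ins for InTune and the CA, the sample data, and the position of the user lookup relative to the checks are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ScepRequest:                 # constructed stand-in for a parsed SCEP request
    transaction_id: str
    device_id: str
    challenge: str                 # value InTune embeds so the request can be checked

@dataclass
class FakeIntune:                  # in-memory stand-in, not the real validation API
    valid_challenges: set
    notified: list = field(default_factory=list)

    def validate(self, req):
        return req.challenge in self.valid_challenges

    def notify_issued(self, req, serial):
        self.notified.append((req.transaction_id, serial))

# Constructed sample state: device -> user, approvals, and per-user CA routing.
DEVICE_OWNER = {"dev-1": "alice", "dev-2": "bob"}
APPROVED = {("alice", "dev-1")}                      # set after officer verification
ROUTING = {"alice": ("CA-A", "DerivedAuth"), "bob": ("CA-B", "DerivedAuth")}

def process(req, intune, issue):
    """Return (certificate, reason). Issuance runs only after every check passes."""
    if not intune.validate(req):                     # 1. validate with InTune
        return None, "intune-validation-failed"
    user = DEVICE_OWNER.get(req.device_id)           # 2. look up the user
    if user is None:
        return None, "unknown-device"
    if (user, req.device_id) not in APPROVED:        # 3. derived-credential approval
        return None, "not-approved"
    ca, template = ROUTING[user]                     # 4. pick CA and template
    cert = issue(ca, template, user, req)            # 5. issue
    intune.notify_issued(req, cert["serial"])        # 6. report issuance to InTune
    return cert, "issued"

def fake_issue(ca, template, user, req):             # stand-in for the CA call
    return {"serial": f"{ca}-{req.transaction_id}", "subject": user, "template": template}

def demo():
    intune = FakeIntune(valid_challenges={"c-ok-1", "c-ok-2"})
    reqs = [ScepRequest("t1", "dev-1", "c-ok-1"),    # approved device
            ScepRequest("t2", "dev-2", "c-ok-2"),    # valid at InTune, never approved
            ScepRequest("t3", "dev-1", "forged")]    # fails InTune validation
    results = [process(r, intune, fake_issue)[1] for r in reqs]
    return results, intune.notified
```

A request that passes InTune validation but has no officer approval is rejected before the CA is contacted, and only an issued certificate produces a notification back to InTune.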