In a diptych I'm sharing my experiences, common practices and challenges of implementing Microsoft Intune PFX connector as certificate deployment mechanism in the enterprise. From here we go to Mobile Device Management and select Certificate Connector. Export the root certificate from the Enterprise CA To authenticate a device with VPN, WiFi, or other resources, a device needs a root or intermediate CA certificate. Enable Public Contributions. Important. Initially the Microsoft Intune SCEP/PFX connector didnât provide support for high availability. The SCEP/PFX connector could be installed as an single instance with no option for multiple ⦠Install the Intune Certificate Connector. First we need to log into the Intune console on https://manage.microsoft.com and go to the Admin workspace in the console. Microsoft Intune SCEP/PFX connector support multiple active connectors per tenant. For environments that are disconnected, follow guidance to ensure root certificates are installed on ⦠Hello, due to issues with our old machine providing PFX connector i had to deploy a new machine using the latest version of PFX Connector (6.2008.60.612). Then, as per the nature of a PFX certificate, the private key is exported, everything is encrypted and sent to Intune, which will then install the PFX certificate on the device. Contribute to MicrosoftDocs/memdocs development by creating an account on GitHub. This will start the download of NDESConnectorSetup.exe. Installing the Intune Certificate Connector software is like installing any other ⦠Install the Microsoft Certificate Connector. In my first blog post I covered the basics of implementing a certificate deployment infrastructure based on Microsoft Intune PFX connector. Export certificates from the certification authority and then import them to Microsoft Intune. To use PKCS certificate profiles: Install the PFX Certificate Connector for Microsoft Intune. PFX Certificate Connector for Microsoft Intune: For information about the PFX Certificate connector, including prerequisites and release versions, see Certificate connectors . Notes: by default the connectors listed in the Microsoft Intune portal cannot be identified/linked to the on-premise servers where the SCEP/PFX connectors are installed on. For any Intune on-premises connectors in use, such as the Exchange, NDES, ODJ, or PFX connectors, ensure your servers receive the Root Certificate updates. In the new blade that opens, click on the link that says Download the certificate connector software under the SCEP section. Since December 2017 Microsoft Intune introduced support for multiple active SCEP/PFX connectors per tenant in order to provide high availability for certificate handling. In Whats New with Intune i found that the new connector provide PFX and PKCS in one with no need to install others connectors. Beginning with the PFX Certificate Connector version 6.2008.60.607 (released in August of 2020), this connector supports certificate deployment for PCKS #12 certificate requests and handles requests for PFX files imported to Intune ⦠The private key is generated in the server where the Certificate Connector is installed. To use PKCS imported certificates: Install the PFX Certificate Connector for Microsoft Intune. My advice is to rename the first connector after installation and repeat this for each additional connector ⦠Copy this file to the NDES server. Explained the differences and ⦠PFX Certificate Connector for Microsoft Intune: When a device requests a PFX certificate that was imported to Intune, the encrypted password, the certificate, and the device's public key are sent to the connector. Click on Configure On-Premises Certificate Connector, mark the checkbox for Enable Certificate Connector and OK. Intune supports install of the PFX Certificate Connector on the same server as the Microsoft Intune Certificate Connector.