Andrew McNaughton
Andrew McNaughton
Yes I have achieved Key Attestation with Intune using SCEP but this needs to be made clearer and that when you use SCEP you are limited to the template configured...
SCEP supports one template for signatures, one template for encryption and one template for "general purpose" (encryption and signatures). In the real world, we use certificates for signing and encryption...
We're seeing this issue with several HP models when in UEFI mode. No issues with legacy mode. We use Quest KACE SDA which utilises iPXE. They recently incorporated the current...
Me too. Trying to troubleshoot this new connector since it's completely broken our previously functional Intune certificate service.
That page says: "The device issues a new order request using the ClientIdentifier as the permanent-identifier. For compatibility, the ACME server needs to respond with a challenge type of device-attest-01....
I would be happy to test too. If that's all that's needed. Intune is what I'd use at the moment but the MDM shouldn't matter. It should be pretty agnostic....
I finally got to try progressing this. Looks like the MDM side is working and the Mac seems happy with it, however there's an authentication issue when it goes to...
The forwarding stuff didn't seem to be working and I suspect it's because Microsoft tries to make their application proxy as transparent as possible... possibly by not sending any headers...
For what it's worth, Apple's CertificateService process declares what it's about to send over to the server like this: ``` [0:Cert_PI:ACME:] ACME options: { AllowAllAppsAccess = 1; Attest = 1;...
The latest working folder: [ACME-ADCS-2025-05-04-1128.zip](https://github.com/user-attachments/files/20027105/ACME-ADCS-2025-05-04-1128.zip)