Certificate Enrollment Gateway can authenticate to Microsoft Intune using one of the following authentication methods:
- Password-based authentication: Certificate Enrollment Gateway authenticates to Microsoft Intune using an application key (also called an authentication key or client secret) generated in Microsoft Intune.
- Certificate-based authentication: Certificate Enrollment Gateway authenticates to Microsoft Intune using a trusted certificate. The certificate must be imported into Microsoft Intune.
You cannot generate a TLS certificate using Microsoft Intune. You must generate a certificate using another tool, and then import the certificate into Microsoft Intune.
Microsoft Intune and Certificate Enrollment Gateway must use the same certificate for authentication. Certificate Enrollment Gateway requires a P12 file for certificate-based authentication to Microsoft Intune. The P12 file for Certificate Enrollment Gateway must contain both the TLS certificate and the associated private key.
To import the TLS certificate into Microsoft Intune
- Log in to the Microsoft Azure portal.
- Under Azure services, click Azure Active Directory.
- Click App Registrations.
- Select the application you created earlier for the CEG Service.
- Click Certificates & secrets.
- Click Upload certificate.
- Select the TLS certificate.
- Click Add.
Information about the certificate is displayed under the Certificates pane.
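
One way to produce the two files described above with OpenSSL and confirm that they carry the same certificate, as an added example that is not part of the product documentation. The file names, subject, and passphrase are placeholders, and the self-signed certificate is for demonstration only.

```shell
#!/bin/sh
# Added example. File names, subject and passphrase are placeholders (assumptions).
# P12_PASS must be exported; openssl reads it via env: so it never appears in argv.
set -eu

# make_ceg_cert DIR SUBJECT: write ceg.key, ceg.cer (public certificate for upload)
# and ceg.p12 (certificate + private key for Certificate Enrollment Gateway) to DIR.
make_ceg_cert() (
  umask 077   # key material readable by the owner only
  # Self-signed for the demo; use a certificate from your own CA where required.
  openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
    -subj "$2" -keyout "$1/ceg.key" -out "$1/ceg.cer" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/ceg.key" -in "$1/ceg.cer" \
    -name ceg-intune -passout env:P12_PASS -out "$1/ceg.p12"
)

# thumbprint: read a PEM certificate on stdin, print its SHA-1 thumbprint as hex.
thumbprint() { openssl x509 -noout -fingerprint -sha1 | cut -d= -f2 | tr -d :; }

# p12_cert P12: print the certificate stored in the P12 as PEM.
p12_cert() { openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null; }

# check_p12 P12 CER: succeed only if the P12 holds a private key that matches its
# certificate and that certificate is the one in CER. Prints the thumbprint.
check_p12() {
  key_pub=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
            openssl pkey -pubout 2>/dev/null) ||
    { echo "no usable private key in $1" >&2; return 1; }
  cert_pub=$(p12_cert "$1" | openssl x509 -noout -pubkey 2>/dev/null) ||
    { echo "no certificate in $1" >&2; return 1; }
  [ "$key_pub" = "$cert_pub" ] ||
    { echo "private key does not match certificate" >&2; return 1; }
  [ "$(p12_cert "$1" | thumbprint)" = "$(thumbprint < "$2")" ] ||
    { echo "P12 certificate differs from $2" >&2; return 1; }
  p12_cert "$1" | thumbprint
}

# Demo with constructed values in a throwaway directory.
export P12_PASS="${P12_PASS:-constructed-demo-passphrase}"
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_ceg_cert "$work" "/CN=ceg-intune-demo"
echo "thumbprint: $(check_p12 "$work/ceg.p12" "$work/ceg.cer")"
```

In this sketch `ceg.cer` is the file selected in the Upload certificate step and `ceg.p12` is the file given to Certificate Enrollment Gateway. The printed thumbprint can be compared with the thumbprint the portal shows for the uploaded certificate.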