Entrust PKIaaS - Customer Guide [PDF]

Create the following profiles for enrolling iOS and iPadOS devices with Intune.

To create an iOS or iPadOS profile for Intune

Create a profile

On the Create a profile dialog, select the following fields for the SCEP profile.

Setting	Root CA profile	Issuing CA profile	SCEP profile
Platform	iOS/iPadOS	iOS/iPadOS	iOS/iPadOS
Profile type	Templates	Templates	Templates
Template name	Trusted certificate	Trusted certificate	SCEP certificate

When creating root or issuing CA profiles, configure the following settings on the Configuration settings page.

Setting	Root CA profile	Issuing CA profile
Certificate file	The root Certification Authority certificate	The issuing Certification Authority certificate

See Downloading a CA certificate to download CA certificates.

When creating a SCEP profile, configure the following settings on the Configuration settings page.

Setting	Value
Certificate type	Select User.
Subject name format	The syntax of the certificate subject names. This field supports the variables described in https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep
Subject alternative name	The value of each attribute in the certificate subject alternative name. Optional.
Certificate validity period	The validity period of the certificates.
Key usage	The key usage of the enrolled certificates.
Key size (bits)	Select 2048 or 4096 (Entrust PKIaaS does not support key sizes below 2048).
Hash algorithm	Select SHA-2.
Root certificate	Select the root CA profile.
Extended key usage	Select Client Authentication.
SCEP Server URLs	Paste one of the URLs obtained when Getting the Intune Service URL.

On the Assignments page, select the user group of the Intune-enrolled devices.

On the Review + create page, check the settings of the new profile and click Create to confirm the profile creation.