Creating Intune profiles for Android in Azure
Create the following profiles for enrolling Android devices with Intune.
A root CA profile
An issuing CA profile
A SCEP profile
To create an Android profile for Intune
Log into endpoint.microsoft.com as a user with administrative privileges.
Go to Devices > Android.
Select Manage devices > Configuration and click Create.
In the Create a profile dialog, configure the settings described in the following sections.
Create a profile
In the Create a profile dialog, select the following fields for each Android profile.
Setting |
Root CA profile |
Issuing CA profile |
SCEP profile |
Platform |
Android Enterprise |
Android Enterprise |
Android Enterprise |
Profile type |
Trusted certificate |
Trusted certificate |
SCEP certificate |
Basics
In the Name field of the Basics page, type the name of the profile – for example:
ABC Root
ABC Issuing
ABC Digital Signature SCEP Cert
Optionally, add a description of the profile purpose.
Configuration settings
When creating root or issuing CA profiles, configure the following settings on the Configuration settings page.
Setting |
Root CA profile |
Issuing CA profile |
Certificate file |
The root Certification Authority certificate |
The issuing Certification Authority certificate |
See Downloading a CA certificate to download CA certificates.
When creating a SCEP profile for Android, configure the following settings on the Configuration settings page.
Setting |
Value |
Certificate type |
Select User. |
Subject name format |
The syntax of the certificate subject names. This field supports the variables described in https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep |
Subject alternative name |
The value of each attribute in the certificate subject alternative name. Optional. |
Certificate validity period |
The validity period of the certificates. |
Key usage |
The key usage of the enrolled certificates. |
Key size (bits) |
Select 2048 or 4096 (Entrust PKIaaS does not support key sizes below 2048). |
Hash algorithm |
Select SHA-2. |
Root certificate |
Select the root CA profile |
Extended key usage |
Select Client Authentication. |
SCEP Server URLs |
Paste one of the URLs obtained when Getting the Intune Service URL. |
Assignments
On the Assignments page, select the user group of the Intune-enrolled devices.
Review and create
On the Review + create page, check the settings of the new profile and click Create to confirm the profile creation.