Enabling autoenrollment for devices

Configure the PKIaaS WSTEP Group Policy Object to enable autoenrollment for devices

To enable autoenrollment for devices

  1. In the navigation tree of the new PKIaaS WSTEP Group Policy Object, expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.

  2. In the content pane, right-click Certificate Services Client Auto Enrollment and select Properties to display the Certificate Services Client Auto-Enrollment Properties dialog box.

    images/download/attachments/232241557/image-2024-2-16_15-15-3-version-1-modificationdate-1708092903523-api-v2.png


  3. Select Enabled in the Configuration Model drop-down list.

  4. Check the following boxes:

    • Renew expired certificates, update pending certificates, and remove revoked certificates

    • Update certificates that use certificate templates.

  5. Optionally, change the percentage under Log expiry events and show expiry notifications when the percentage of remaining certificate lifetime is.

  6. Click OK.