
Intune CSR Validation for SCEP

Open beejaygee opened this issue 4 years ago • 5 comments

What would you like to be added

Intune CSR Validation for SCEP.

Why this is needed

This allows Intune to use SCEP for certificate deployment. This allows devices in Intune to automatically obtain a certificate for verification for 802.1x WPA Enterprise and to validate that request with Intune. This is so that enterprise MDM devices such as iPhones, Android devices, and Azure AD joined devices can enroll for certificates over the internet in a secure manner.

Now that SCEP support has been added, it shouldn't be much more difficult to add Intune CSR validation. There are a few resources that Microsoft provides on the topic:

https://github.com/Microsoft/Intune-Resource-Access/tree/develop/src/CsrValidation
https://docs.microsoft.com/en-us/mem/intune/protect/scep-libraries-apis

beejaygee avatar Jun 08 '21 01:06 beejaygee

Hey, we're interested in Intune CSR validation but we don't have the bandwidth to research and plan this at the moment. More generally, we are interested in MDM, but similarly don't have the bandwidth to act on the interest right now.

For the time being I've put this issue on our roadmap so that when we discuss new projects we will address it.

dopey avatar Sep 01 '21 21:09 dopey

Adding my +1 to this, would love to ditch Microsoft for this.

arjunasokan-bc avatar Jul 18 '22 19:07 arjunasokan-bc

Financially, Intune support would make a lot of sense for smallstep, as the company I currently work for would pay for support contracts if implemented and supported.

nwmcsween avatar Mar 13 '23 23:03 nwmcsween

Packetfence already has code written in Go to do this: https://github.com/inverse-inc/packetfence/blob/devel/go/caddy/pfpki/cloud/intune.go

Now that SCEP has been implemented, it shouldn't be too much effort to implement this. I'm tempted to have a shot at it myself, but I don't know Go and I'd be learning from scratch, but don't know if I have the time.

ccben87 avatar Jul 21 '23 03:07 ccben87

Per the Discord, this is apparently supported in the commercial version of smallstep.

trs80 avatar Jul 21 '23 06:07 trs80