Intune Introduction
This section details the Microsoft Endpoint Manager - Intune SCEP integration with Horizon, used to enroll, renew and revoke certificates on Intune-managed devices.
This integration involves at least three infrastructure components:
- Microsoft Endpoint Manager / Intune
- Azure Active Directory
- EverTrust Horizon
The enrolled devices interface with these components in order to retrieve their certificate.
The diagram displays these components as well as the various flows involved in an enrollment.
Microsoft describes the integration principles on their website: https://docs.microsoft.com/en-us/mem/intune/protect/certificate-authority-add-scep-overview
Finally, this integration requires setting up the following elements on the Horizon side:
- an Intune Connector, which holds the configuration items required for Horizon to connect to Azure AD and Intune
- an Intune Profile, which holds the configuration items specifying how Horizon should issue certificates for the specified Intune Connector
- an Intune Scheduled Task, which holds the configuration items defining the scheduled task in charge of revoking certificates when devices are decommissioned from Azure AD. This element is optional.