
Intune PKI Integration

This document briefly explains how Intune can provision certificates to managed devices, enabling them to authenticate securely and supporting a zero trust environment.


  1. Device is enrolled into Intune, typically during setup or Autopilot provisioning.
  2. Intune delivers a certificate to the device in the background.
  3. Device configuration applies the certificate to authenticate the device on the network.
  4. Device automatically connects to the network using the certificate.

  • Moves towards phishing-resistant authentication
  • Devices can connect to Wi-Fi before any user logs in
  • Enables tighter control over who and what connects to your internal networks
  • Certificates can be automatically rotated or revoked when needed


Certificate-based authentication offers a seamless experience on both wired and wireless networks. Devices use their machine certificate to authenticate without prompting the user, which is ideal for shared or always-on systems. This provides stronger protection than other methods such as MAC authentication or user credentials.


  • Certificates are issued automatically and renew before expiration.
  • Devices that are wiped, retired, or removed from management will lose certificate access.
  • Expired or revoked certificates no longer allow Wi-Fi or network access.
  • Admins can audit certificate activity via logs from the certificate authority or Intune.
  • Intune can silently rotate certificates without user input, reducing the risk of losing access to an expired certificate.
  • Certificate access can be revoked instantly in response to compromised devices.
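As an added example (not from this page or from Microsoft), the PowerShell check below can be run on a managed Windows device to confirm that a machine certificate usable for network (EAP-TLS) authentication is present and to flag certificates that are expired or approaching expiry. It assumes the Intune-delivered certificate lands in the LocalMachine\My store; the 30-day warning window is an arbitrary choice.

```powershell
# Added example, not code from the original page: list machine certificates in
# LocalMachine\My that carry the Client Authentication EKU (what EAP-TLS uses)
# and flag those expired or within $WarnDays of expiry.
# Assumption: the Intune-provisioned device certificate lands in this store.
param(
    [int]$WarnDays = 30   # arbitrary warning window; align with your renewal policy
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$now = Get-Date

$report = Get-ChildItem -Path 'Cert:\LocalMachine\My' | ForEach-Object {
    $cert = $_
    # Read the EKU extension via .NET so this works on Windows PowerShell and PowerShell 7.
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasClientAuth = $ekuExt -and ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid })

    # A cert without the EKU or without its private key cannot authenticate the device.
    if (-not ($hasClientAuth -and $cert.HasPrivateKey)) { return }

    $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
    $state = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $WarnDays) { 'RENEW-SOON' } else { 'OK' }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        State      = $state
    }
}

if (-not $report) {
    Write-Warning 'No client-auth machine certificate with a private key found; check the Intune certificate profile deployment status for this device.'
} else {
    $report | Sort-Object DaysLeft | Format-Table -AutoSize
}
```

A RENEW-SOON or EXPIRED entry on a device that should have auto-renewed points at the certificate profile or connector, not at the network policy.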