Question

JAMF / Intune SCEP Enrollment

  • October 6, 2020
  • 4 replies
  • 92 views


Hello Everyone, first time posting. Hopefully this question hasn't been asked before. If so, my apologies.

I am trying to find out if I can use the JAMF > Intune integration to deploy SCEP certs from Intune. We have a mixed environment of both Windows and Macs. Windows is working well with our internal CA and NDES account. However, our Macs are a hassle with manual challenge phrases, etc. with JAMF in the cloud. I know that Intune can deploy certs using the "Intune Connector", which allows for communication from our Intranet SCEP server to the cloud. However, JAMF does not have a tool like this that I know of. We do not want to expose our SCEP server to the internet, or use an external/JAMF CA as we already have it working on Windows, so the JAMF SCEP Proxy idea is out.

Are there limitations to what the JAMF/Intune Integration can do? Can I create a SCEP policy in Intune and have it work on Macs enrolled in JAMF? From what I read, it seems like it's mostly just related to compliance/conditional access. Any help is appreciated!

Thanks!

4 replies

  • Contributor
  • December 4, 2020

Hi Schmidt,

Did you manage to get this working? I would like to do the exact same thing in order to have Intune-controlled SCEP certificates pushed onto the Macs. Like you, we don't expose SCEP/NDES to the internet, and instead rely on the msappproxy secured to just Intune to make it work.

Would be interested to know how you progressed - I need certs pushed for:
User - VPN and WiFi (PEAP)
Machine - VPN and WiFi (Cert auth)


easyedc
  • Esteemed Contributor
  • September 16, 2021

Just bumping this before I start going down the same path.  Did either of you all have any luck?


  • Contributor
  • September 17, 2021

Just bumping this before I start going down the same path.  Did either of you all have any luck?


No - unfortunately best solution I could find was using the JAMF SCEP policy and proxying, via an msappproxy with restrictions for the IP address of my JAMF Pro instance (in the cloud).


  • Author
  • New Contributor
  • September 21, 2021

No - unfortunately best solution I could find was using the JAMF SCEP policy and proxying, via an msappproxy with restrictions for the IP address of my JAMF Pro instance (in the cloud).


Hey easyedc,

We are actually still looking into this (put on hold with COVID) but did find the below article that somewhat describes what JamieG mentions.


Support Tip - How to configure NDES for SCEP certificate deployments in Intune - Microsoft Tech Community


Although this is for Intune, the concept is the same for JAMF. Basically, it has you create an AzureADProxy App in your intranet, which installs on a server, create an externally facing website in AzureAD as the Proxy, then use JAMF to point to that website.


The websites for external IPs and ports are:

Permitting Inbound/Outbound Traffic with Jamf Cloud - Technical Articles | Jamf

Network Ports Used by Jamf Pro - Technical Articles | Jamf
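The setup described in this thread (NDES behind an Azure AD Application Proxy, with the published endpoint restricted to the Jamf Pro instance's addresses) is easy to misconfigure silently: the proxy may publish the wrong path, or NDES may still advertise only legacy SCEP capabilities. The script below is an added example, not code from this thread, from Jamf or from Microsoft. It checks two things a defender would want to confirm before pointing a Jamf SCEP payload at the proxy: that the published endpoint answers a SCEP GetCACaps request (RFC 8894 §3.5.2, one capability keyword per line) and advertises POSTPKIOperation and SHA-256 rather than only SHA-1/DES3, and that a given source address falls inside the allowlist the proxy is supposed to enforce. The proxy hostname, the default NDES path and the CIDR list are placeholders; replace them with the values from the Jamf articles linked above.

```python
"""Pre-flight checks for a SCEP/NDES endpoint published through an
Azure AD Application Proxy, run before configuring Jamf Pro against it.

Added example; not part of the thread or of any vendor documentation.
Assumptions: the proxy URL and the Jamf Cloud CIDR list below are
constructed placeholders.
"""
import ipaddress
import sys
import urllib.parse
import urllib.request

# Placeholder allowlist, constructed for this example. Replace with the
# egress ranges Jamf documents for your Jamf Cloud region.
JAMF_CLOUD_EGRESS = ["203.0.113.0/24", "198.51.100.10/32"]

# Capabilities a current SCEP deployment should advertise (RFC 8894).
REQUIRED_CAPS = {"POSTPKIOperation", "SHA-256"}
# Legacy capabilities whose presence is worth flagging.
WEAK_CAPS = {"SHA-1", "DES3"}


def scep_url(base, operation, message=None):
    """Build the GET URL for a SCEP operation against the published path."""
    params = {"operation": operation}
    if message is not None:
        params["message"] = message
    return f"{base}?{urllib.parse.urlencode(params)}"


def parse_cacaps(body):
    """Parse a GetCACaps response body: one keyword per CRLF-separated line."""
    return {line.strip() for line in body.splitlines() if line.strip()}


def assess_cacaps(caps):
    """Return (missing_required, weak_advertised) for a capability set."""
    return REQUIRED_CAPS - caps, caps & WEAK_CAPS


def source_allowed(ip, allowlist=JAMF_CLOUD_EGRESS):
    """True if ip is inside an allowlisted CIDR; this mirrors the source
    restriction the proxy should apply so only Jamf Pro reaches NDES."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in allowlist)


def fetch_cacaps(base, timeout=10):
    """Perform a live GetCACaps against the published endpoint."""
    with urllib.request.urlopen(scep_url(base, "GetCACaps"), timeout=timeout) as resp:
        return resp.read().decode("ascii", errors="replace")


if __name__ == "__main__":
    # Default path is the NDES default; the hostname is a placeholder.
    base = sys.argv[1] if len(sys.argv) > 1 else (
        "https://scep-proxy.example.com/certsrv/mscep/mscep.dll")
    caps = parse_cacaps(fetch_cacaps(base))
    missing, weak = assess_cacaps(caps)
    print("advertised:", sorted(caps))
    print("missing required:", sorted(missing) or "none")
    print("legacy advertised:", sorted(weak) or "none")
    for probe in ("203.0.113.45", "192.0.2.1"):
        print(f"{probe} allowed by proxy allowlist: {source_allowed(probe)}")
```

Run it with the published proxy URL as the first argument; a GetCACaps that comes back empty or with an HTML login page (rather than plain keywords) usually means the proxy is not passing the request through to NDES unauthenticated, which Jamf's SCEP payload requires. The allowlist probe is offline and only checks your CIDR list, so compare the addresses it accepts against what the proxy's own access rules actually permit.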