Hello Everyone, first time posting. Hopefully this question hasn't been asked before. If so, my apologize.
I am trying to find out if I can use the JAMF > Intune integration to deploy SCEP certs from Intune. We have a mixed environment of both Windows and Macs. Windows is working well with our internal CA and NDES account. However, our Macs are a hassle with manual challenge phrases, etc with JAMF in the cloud. I know that Intune can deploy certs using the "Intune Connector", which allows for communication from our Intranet SCEP server to the cloud. However, JAMF does not have a tool like this that I know of. We do not want to expose our SCEP server to the internet, or use an external/JAMF CA as we already have it working on Windows so the JAMF SCEP Proxy idea is out.
Are there limitations to what the JAMF/Intune Integration can do? Can I create a SCEP policy in Intune and have it work on Macs enrolled in JAMF? From what I read, it seems like its mostly just related to compliance/conditional access. Any help is appreciated!
Did you manage to get this working? I would like to do the exact same thing in order to have intune controlled SCEP certificates pushed onto the Macs. Like you, we don't expose SCEP/NDES to the internet, and instead rely on the msappproxy secured to just intune to make it work.
Would be interested to know how you progressed - I need certs pushed for;
User - VPN and WiFi (PEAP)
Machine - VPN and WiFi (Cert auth)
We are actually still looking into this (put on hold with COVID) but did find the below article that somewhat describes what JamieG mentions.
Although this is for Intune, the concept is the same for JAMF. Basically has you create an AzureADProxy App in your intranet, which installs on a server, create an externally facing website in AzureAD as the Proxy, then use JAMF to point to that website.
The website for external IP's and Ports are: