Using JAMF SCEP Proxy with MS Intune Certificate Connector

Schmidt
New Contributor II

Hello Everyone, 

I am looking for some assistance with an issue that I am wondering if anyone else has run into. I have JAMF as our MDM for MacOS. I am moving towards MS Intune for our Windows endpoints. Currently I have JAMF set up as a proxy to deploy SCEP certs to our Macs. This was done using Entra ID App Proxy with a Private Network connector. This works great.

Now for the problem... I want to set up Intune to deploy certs to our Windows endpoints, but it fails unless the "PFX Certificate Connector" is installed. When that gets installed, it hijacks the SCEP URL and blocks everything not coming from Intune. Essentially I can only have one or the other: JAMF or Intune. Has anyone got both of these working at the same time?


Thanks in Advance for any help.

4 Replies

dubel
New Contributor III

I experienced this as well. You cannot share the NDES server with Jamf and Intune. You will need to have two, one with the Intune connector and the other dedicated to Jamf. Both are tied to your CA.
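The symptom both posters describe (one NDES instance either serving Jamf-enrolled Macs or serving Intune, never both) can be checked from any non-Intune client before deciding whether a second NDES server is really needed. The script below is an added example and is not from the thread or from any Jamf/Microsoft documentation. It issues the two unauthenticated SCEP operations defined in RFC 8894, GetCACaps and GetCACert, against an NDES/SCEP URL and reports the HTTP status. The hostname `ndes.example.com` and the default NDES path `/certsrv/mscep/mscep.dll` are assumptions to replace with your own App Proxy or NDES FQDN.

```powershell
# Added example (not from the original thread). Probes an NDES/SCEP endpoint
# the way a non-Intune client such as a Jamf-managed Mac would, to see whether
# the server still answers SCEP requests after the Intune Certificate Connector
# has been installed on it.
param(
    # Assumption: replace with your App Proxy external FQDN or internal NDES host.
    [string]$ScepHost = 'ndes.example.com',
    # Default NDES SCEP path; change only if your IIS vdir differs.
    [string]$ScepPath = '/certsrv/mscep/mscep.dll'
)

$base = "https://$ScepHost$ScepPath"

function Test-ScepOperation {
    param([string]$Operation)

    # RFC 8894 SCEP GET operations are selected with the 'operation' query parameter.
    $uri = "$base`?operation=$Operation"
    try {
        $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
        [pscustomobject]@{
            Operation   = $Operation
            Status      = [int]$resp.StatusCode
            ContentType = "$($resp.Headers['Content-Type'])"
            Detail      = if ($Operation -eq 'GetCACaps') {
                              # GetCACaps returns a plain-text list of capabilities, one per line.
                              (($resp.Content -split "`r?`n") | Where-Object { $_ }) -join ' '
                          } else {
                              "$($resp.RawContentLength) bytes of CA/RA certificate data"
                          }
        }
    } catch {
        # IIS/NDES rejections (401/403) and App Proxy errors land here.
        $status = $null
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
        [pscustomobject]@{
            Operation   = $Operation
            Status      = $status
            ContentType = $null
            Detail      = $_.Exception.Message
        }
    }
}

# A healthy NDES answers both with HTTP 200: text/plain for GetCACaps and
# application/x-x509-ca-ra-cert for GetCACert (RFC 8894 section 4.2.1.1).
$results = 'GetCACaps', 'GetCACert' | ForEach-Object { Test-ScepOperation -Operation $_ }
$results | Format-Table -AutoSize

if ($results.Status -contains 403) {
    Write-Warning "SCEP endpoint returned 403 to this client: the NDES instance appears to accept only Intune traffic, matching the thread's symptom."
}
```

Run it from a machine that is not Intune-enrolled, both against the internal NDES name and against the App Proxy external URL. Two 200 responses mean the instance still serves generic SCEP clients; a 403 on both operations is the lock-out described above. One caveat: if Entra pre-authentication is enabled on the App Proxy application instead of passthrough, an unauthenticated probe is redirected to the Entra sign-in page rather than reaching IIS, so a 302 to login.microsoftonline.com reflects the proxy configuration, not the NDES/Intune connector behaviour.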

Schmidt
New Contributor II

Hi dubel,

Thanks for the info. I was afraid of having to do this. We have mostly cloud services, so we pay for each VM we run; having two SCEP servers running isn't great, but it may be required.

Joostvantwout
New Contributor III

I would advise following this setup to deploy PKI certificates via Jamf.
https://macnotes.wordpress.com/2020/11/11/configuring-azure-web-application-proxy-for-jamf-pro-scep-...

In essence you create an application proxy within Azure and you deploy a configuration profile with a SCEP payload using the Intune app proxy URL and a PKI service account.

Using this in my environment, and it works great for user-level and machine certificates.

Schmidt
New Contributor II

Hi Joostvantwout,

Does this work with both Intune cert deployment for Windows clients as well as JAMF certs for MacOS? I currently have what this URL describes working for MacOS with the Entra App Proxy. The problem is the note just before step 1 in that guide, specifically: "only traffic coming in from Intune will authenticate properly in IIS and any other client requests will get rejected". The guide then talks about setting up a "Vanilla" instance, which is what I currently use.