Known Issue with SCEP profiles for Android Enterprise fully managed devices in Intune

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

We’ve seen an issue in the “Common name” value of SCEP certificate profiles for Android Enterprise fully managed devices in Intune.


These profiles can potentially fail to deploy because of how the Common Name value is interpreted in the Intune backend. Even if your certificates are deploying to devices, they may be using a different value for Common Name than SCEP profiles you’ve deployed for other platforms. 


We’ll update this post when the fix for this issue is rolled out so you can make changes to impacted profiles. After that fix is in, you will have to take action to ensure that your SCEP profiles work as expected.


For existing SCEP profiles, we recommend that you delete the existing profile and create a new one with the same configuration after the fix has been rolled out. This ensures that the certificates you issue carry subject names consistent with the SCEP profiles you may have for other platforms. Once you create and deploy the updated SCEP profile, all devices targeted by the policy will receive a new certificate with the correct Common Name, and the old certificate will be removed.


If you do not take action to delete an impacted profile, the profile will get the correct Common Name value when the SCEP certificate is next renewed.


More information about SCEP certificate profiles is available in the "Create and assign SCEP certificate profiles in Intune" doc.

