Enterprise Mobility + Security

Managed Service Identities and Azure AD: Helping Azure developers keep their secrets secret!

Howdy folks, Just a quick note today! I am excited to announce a preview of a new integration between Azure and Azure Active Directory that is designed to make life easier for developers. It’s called Managed Service Identity, and it makes it simpler to build apps that call Azure services. Typically, to call a cloud...

Whitepaper: Securing and Hardening NDES for Microsoft Intune and System Center Configuration Manager

We have just published a new whitepaper that describes best practices for securing and hardening the Network Device Enrollment Service (NDES) server role for use with Microsoft Intune and System Center Configuration Manager. Deploying certificates via the Simple Certificate Enrollment Protocol (SCEP) ensures that unique private keys are kept on mobile devices and are not accessible...

Announcement: How to Request a Certificate with a Custom Subject Alternative Name

[Today’s post comes from Carol Bailey] I’m really pleased to be able to announce a recent publication from the Certificate Services documentation team that will help our customers running Configuration Manager in native mode: How to Request a Certificate With a Custom Subject Alternative Name. There are a couple of native mode scenarios that require...

Updated Blog Post for How to Publish the CRL on a Separate Web Server – for Delta CRLs

[Carol Bailey has updated her previous post “How to Publish the CRL on a Separate Web Server”] We’ve recently updated our blog post for publishing the CRL on a separate Web server because the instructions were missing the variable <DeltaCRLAllowed> in the paths, which is needed for delta CRLs. As a rule, I’m not fond of...

Recommended White Paper for Native Mode Customers: Deploying and Managing PKI inside Microsoft (Microsoft IT Showcase)

[Carol Bailey gives us a recommendation for PKI reading material] Customers that are running Configuration Manager in native mode and support Internet-based client management might be interested in reading the following technical white paper that was originally published in 2005 but updated in June this year. I particularly liked the section “Lessons Learned and Best Practices”...

Recommendations for PKI Key Lengths and Validity Periods with Configuration Manager

[Today’s post is provided by Carol Bailey] I sometimes get questions from customers about values to set for the key sizes and validity periods for the certificates required for native mode and out of band management in Configuration Manager. This has been a tough one for me to answer, because in the main, these values...

How to Publish the CRL on a Separate Web Server

[Today’s post is provided by Carol Bailey] By default, an issuing enterprise CA publishes its certificate revocation list (CRL) to locations within the forest. When you are using Internet-based client management with Configuration Manager, there are scenarios where you might need to publish the CRL on a separate server, outside the forest. These scenarios include...
