Configure NDES for use with Intune

To configure NDES, follow the steps below:

  1. On the Role Services page, select Network Device Enrollment Service.
  2. On the Service Account for NDES page, specify the NDES service account.
  3. On the CA for NDES page, click Select, and then select the issuing CA where you configured the certificate template.
  4. On the RA Information page, click Next.
  5. On the Cryptography for NDES page, set the key length to meet your company requirements.
  6. On the Confirmation page, click Configure to complete the wizard.
  7. After the wizard completes, edit the following registry key on the NDES server: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\. Edit the 3 template values and type your template name “IntuneTemplate” in each.
  8. After editing the registry, run iisreset on the server to force it to pick up the recent configuration changes.

To install and bind certificates on the NDES server

  1. On your NDES server, request and install a server authentication certificate from your internal CA or a public CA. You will then bind this SSL certificate in IIS.
  2. After you obtain the server authentication certificate, open IIS Manager, select the Default Web Site in the Connections pane, and then click Bindings in the Actions pane.
  3. Click Add, set Type to https, and then ensure the port is 443. (Only port 443 is supported for standalone Intune.)
  4. For SSL certificate, specify the server authentication certificate.

To configure IIS Request Filtering

  1. On the NDES server, open IIS Manager, select the Default Web Site in the Connections pane, and then open Request Filtering.
  2. Click Edit Feature Settings, and then set the following:
    • Maximum query string (Bytes) = 65534
    • Maximum URL length (Bytes) = 65534
  3. Review the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
  4. Ensure the following values are set as DWORD entries:
    • Name: MaxFieldLength, with a decimal value of 65534
    • Name: MaxRequestBytes, with a decimal value of 65534
  5. Reboot the NDES server. The server is now ready to support the Certificate Connector.
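
A read-only check of the settings from the three procedures above, as an added PowerShell example that is not part of the original post. It assumes the site is named Default Web Site and that the three template values under MSCEP are the standard EncryptionTemplate, GeneralPurposeTemplate and SignatureTemplate, which the post does not name.

```powershell
# Added example: read-only check of the settings from the steps above.
# Run elevated on the NDES server. $TemplateName comes from the page;
# $SiteName and the three MSCEP value names are assumptions (see lead-in).
$TemplateName = 'IntuneTemplate'
$SiteName     = 'Default Web Site'
$Limit        = 65534

function New-Check($Name, $Actual, $Expected, [bool]$Pass) {
    [pscustomobject]@{ Check = $Name; Actual = $Actual; Expected = $Expected; Pass = $Pass }
}

$results = @()

# 1. NDES template mapping under the MSCEP key.
$mscep = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP' -ErrorAction SilentlyContinue
foreach ($n in 'EncryptionTemplate', 'GeneralPurposeTemplate', 'SignatureTemplate') {
    $v = $mscep.$n
    $results += New-Check "MSCEP\$n" $v $TemplateName ($v -eq $TemplateName)
}

# 2. HTTP.sys limits: value must be 65534 and stored as a DWORD.
$http = Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
foreach ($n in 'MaxFieldLength', 'MaxRequestBytes') {
    $v  = $http.GetValue($n)
    $ok = ($null -ne $v) -and ($http.GetValueKind($n) -eq 'DWord') -and ($v -eq $Limit)
    $results += New-Check "HTTP\Parameters\$n" $v "$Limit (DWORD)" $ok
}

# 3. IIS Request Filtering limits on the site.
Import-Module WebAdministration
$filter = 'system.webServer/security/requestFiltering/requestLimits'
foreach ($n in 'maxQueryString', 'maxUrl') {
    $v = (Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" -Filter $filter -Name $n).Value
    $results += New-Check "RequestFiltering\$n" $v $Limit ($v -eq $Limit)
}

# 4. An https binding on port 443 that has a certificate attached.
$b = Get-WebBinding -Name $SiteName -Protocol https |
    Where-Object { $_.bindingInformation -like '*:443:*' } | Select-Object -First 1
$hasCert = ($null -ne $b) -and -not [string]::IsNullOrEmpty($b.certificateHash)
$results += New-Check 'https binding :443 with certificate' $b.bindingInformation '*:443:*' $hasCert

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more NDES settings differ from the documented values.'
}
```

The script changes nothing on the server; rerun it after the reboot in the last step to confirm the values persisted.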