To configure NDES, follow these steps:
- On the Role Services Page, select the Network Device Enrollment Service.
- On the Service Account for NDES page, specify the NDES Service Account.
- On the CA for NDES page, click Select, and then select the issuing CA where you configured the certificate template.
- On the RA Information page, click Next.
- On the Cryptography for NDES page, set the key length to meet your company requirements.
- On the Confirmation page, click Configure to complete the wizard.
- After the wizard completes, edit the following registry key on the NDES Server: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\. Edit the 3 Template values and type your template name “IntuneTemplate”.
- After editing the registry, run iisreset on the server to force the server to pick up recent configuration changes.
To install and bind certificates on the NDES Server:
- On your NDES Server, request and install a server authentication certificate from your internal CA or public CA. You will then bind this SSL certificate in IIS.
- After you obtain the server authentication certificate, open IIS Manager, select the Default Web Site in the Connections pane, and then click Bindings in the Actions pane.
- Click Add, set Type to https, and then ensure the port is 443. (Only port 443 is supported for standalone Intune).
- For SSL certificate, specify the server authentication certificate.
To configure IIS Request Filtering:
- On the NDES Server open IIS Manager, select the Default Web Site in the Connections pane, and then open Request Filtering.
- Click Edit Feature Settings, and then set the following:
  - Query string (Bytes) = 65534
  - Maximum URL length (Bytes) = 65534
- Review the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
- Ensure the following values are set as DWORD entries:
  - Name: MaxFieldLength, with a decimal value of 65534
  - Name: MaxRequestBytes, with a decimal value of 65534
- Reboot the NDES server. The server is now ready to support the Certificate Connector.
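
The settings from the three procedures above can be checked with a read-only PowerShell audit. This is an added example, not part of the original steps; it assumes the template name “IntuneTemplate” and the Default Web Site used above, and that the WebAdministration module is available on the NDES server.

```powershell
# Added example: read-only audit of the NDES settings described above.
# Assumes template "IntuneTemplate" and site "Default Web Site" (from the steps).
Import-Module WebAdministration
$template = 'IntuneTemplate'; $site = 'Default Web Site'; $limit = 65534
$results = @()
function New-Check($Name, $Actual, $Expected) {
    [pscustomobject]@{ Check = $Name; Actual = $Actual; Expected = $Expected
                       Pass = ($Actual -eq $Expected) }
}

# 1. MSCEP: every value whose name ends in "Template" must hold the template name.
$mscep = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'
$tpl   = @($mscep.PSObject.Properties | Where-Object { $_.Name -like '*Template' })
$results += New-Check 'MSCEP Template value count' ($tpl.Count) 3
foreach ($t in $tpl) { $results += New-Check ('MSCEP\' + $t.Name) ($t.Value) $template }

# 2. HTTP.sys limits: value must be 65534 and stored as a DWORD.
$httpKey = Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
foreach ($n in 'MaxFieldLength', 'MaxRequestBytes') {
    $present = $httpKey.GetValueNames() -contains $n
    $kind = if ($present) { $httpKey.GetValueKind($n).ToString() } else { 'missing' }
    $results += New-Check "HTTP\Parameters\$n" ($httpKey.GetValue($n)) $limit
    $results += New-Check "HTTP\Parameters\$n type" $kind 'DWord'
}

# 3. IIS Request Filtering limits on the site.
$filter = 'system.webServer/security/requestFiltering/requestLimits'
foreach ($a in 'maxQueryString', 'maxUrl') {
    $v = (Get-WebConfigurationProperty -PSPath "IIS:\Sites\$site" -Filter $filter -Name $a).Value
    $results += New-Check "requestLimits/$a" $v $limit
}

# 4. https binding on port 443 with a certificate attached.
$b = @(Get-WebBinding -Name $site -Protocol https |
       Where-Object { $_.bindingInformation -like '*:443:*' })
$results += New-Check 'https binding on 443' ($b.Count -gt 0) $true
$results += New-Check 'binding has certificate' ([bool]($b | Where-Object certificateHash)) $true

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more NDES settings differ from the documented values.'
}
```

Run it in an elevated PowerShell session on the NDES server; it only reads the registry and IIS configuration.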