Moving day! Shift PKI to the cloud with Intune

That concludes our Unpacking Endpoint Management for today. We’ll be back next month at Data security: Zero Trust in a world of AI and emerging technology!

In addition to the questions posted on this page, we also answer questions posted in reply to the event on LinkedIn and X (Twitter). Here are the questions we answered today:

From Gary on LinkedIn -- I approached Microsoft to implement PKI on Azure about 2 years ago when I implemented a two-tier PKI based on Microsoft Windows Server 2019 ADCS on Azure VMs globally for a well-known company. I will be curious how Microsoft implemented their PKI PaaS service and if it also includes managing Key Vaults. Will it also extend to on-premises? - answered at 13:15

From LinkedIn -- (Follow up question from Gary) Is it a redundant service? For example, how is BCDR implemented across Azure regions and subscriptions. Will it be available in the government cloud? - answered at 35:00

From X -- So, honestly speaking, how much PKI knowledge do I need to have to administer this? - answered at 46:30

Is any type of automation supported for Cloud PKI provisioning (ARM template, bicep files, Terraform)? In addition to Intune Portal, which management methods are supported for managing Cloud PKI? Microsoft Graph REST API / Powershell / CLI? If Powershell (Graph SDK), will cmdlets be included in Microsoft.Graph.Intune module?

Where does the Cloud PKI license need to be applied - the Admin team, end users / device, or all? This makes a big different when building a cost case for migration.

Can we export the CA and Intermediate CA certificates so third party services can trust the created certificates?

Can we use all the cloud pki features with the Intune Suite add-on or do we need to purchase any other license for this.

Hi, it's my understanding that the Cloud PKI solution only supports Intune/Co-managed devices. If that's the case, it means that a lot of orgs will still need to have an onprem PKI infra for servers and other non supported wks. What are your thought to help such orgs to see the benefits of this cloud PKI solution over keeping their current on prem solution knowing that have to keep it for the other sceanrios. Thks

What is the cloud pki SLA offered Microsoft?

Are these PKIs HSM backed?

What level of support is available for the Apple ecosystem, specifically Mac and iOS?

I have an NPS server with a third party certificate that integrates with my Meraki access points to do Wi-Fi authentication. Will this solution replace my NPS solution? Please say yes! L)