Microsoft has just released a new whitepaper about Securing and Hardening NDES for Microsoft Intune and System Center Configuration Manager:

We have just published a new whitepaper that describes best practices for securing and hardening the Network Device Enrollment Service (NDES) server role for use with Microsoft Intune and System Center Configuration Manager

Deploying certificates via the Simple Certificate Enrollment Protocol (SCEP) ensures that unique private keys are kept on mobile devices and are not accessible by other systems, services, or personnel. These keys can be further protected by using Trusted Platform Modules (TPMs) on Windows or Windows Phone, and by detecting and blocking jailbroken iOS devices or rooted Android devices to ensure the keys are not being exported.

Full post:


Login to leave your feedback!

Leave a Reply