Hello Everyone!
Short post here today.
I have recently been doing a lot more Intune work and ran into a small gotcha that was not documented by Microsoft anywhere.
I am not going to dive into the details of setting up an NDES server or PKI infrastructure, god have mercy on you if you have to do this and dont know how, but what I will do is link you to some good articles.
The official document from MS - Take heed my warning comment and the one from Sassan!
https://docs.microsoft.com/en-us/intune-classic/deploy-use/Configure-certificate-infrastructure-for-scep
My prefered document
https://www.scconfigmgr.com/2016/04/12/prepare-your-environment-for-scep-certificate-enrollment-with-microsoft-intune/
Both very similar documents but the second one is easier to follow and a little more fleshed out in my opinion.
What I want to address today is this part
This is where you create the certificate that the Intune Connector is going to use. What it doesnt tell you is that this connector does not accept certs issued with a template above schema version 2.
See here
So if you are using custom templates and are on more than schema 2 do not copy from that template, use the built in template.
The Intune Connector does not tell you why the install fails, only that it does.
Somtimes I just....
(╯°□°)╯︵ ┻━┻