Today we are going to look under the hood of certificate requests and renewals on an MDM (Intune) managed Windows client. The environment is simple and uses a Windows client and SCEPman as the Cloud CA, which is easily set up and nothing more than an Azure App Service. It is especially interesting, as this scenario uses an MDM-managed Windows client, which means the OMA-DM client is used to accomplish the certificate requests and renewals; this differs from a GPO-managed (domain joined) Windows client. The Windows MDM client uses a subset of the Open Mobile Alliance (OMA) Device Management (DM) standard protocol v1.2.1, and the executable of the OMA-DM client is omadmclient.exe.

For a better overview, the following figure shows the certificate processing on an MDM-managed Windows client. No worries, we will deep dive into the details of the complete processing chain.

As a result of the research, the renewal threshold must not be present on the client side if the server side is taking care of the threshold! That's what we expect Intune is actually doing.

Let's get started with the most basic step, the MDM sync. Without the MDM sync, nothing will be processed on the Windows client at all! The following figure shows the task scheduler with MDM synchronization tasks.
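Because nothing happens without the sync, the first thing to check on a client whose certificate never arrives or never renews is whether the MDM synchronization tasks actually run. The following script is an added example, not code from the original post or from SCEPman; it assumes the standard task folder `\Microsoft\Windows\EnterpriseMgmt\<EnrollmentID>\` and the `DeviceManagement-Enterprise-Diagnostics-Provider/Admin` event channel, and the 24-hour staleness window is a constructed value.

```powershell
# Added example: inventory the MDM sync scheduled tasks on an Intune-enrolled
# Windows client and flag a stale or failed sync. Run in an elevated session.
# Assumptions: tasks live under \Microsoft\Windows\EnterpriseMgmt\<EnrollmentID>\
# (one GUID folder per enrollment); 24 h is a constructed threshold for "stale".

$MaxAgeHours = 24
$TaskPath    = '\Microsoft\Windows\EnterpriseMgmt\*'

$tasks = Get-ScheduledTask -TaskPath $TaskPath -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskPath -match '\{[0-9A-Fa-f-]+\}\\$' }   # only enrollment folders
if (-not $tasks) {
    Write-Warning 'No EnterpriseMgmt enrollment tasks found; the device is probably not MDM-enrolled.'
    return
}

$report = foreach ($t in $tasks) {
    $info = $t | Get-ScheduledTaskInfo
    # The Actions property shows which binary each sync task launches, so you can
    # confirm the chain that ends in omadmclient.exe without guessing.
    $action = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    [pscustomobject]@{
        EnrollmentId = ($t.TaskPath -split '\\')[-2]          # GUID folder name
        Task         = $t.TaskName
        State        = $t.State
        LastRun      = $info.LastRunTime                        # 1999-11-30 means "never ran"
        LastResult   = ('0x{0:X8}' -f $info.LastTaskResult)    # 0x00000000 = success
        NextRun      = $info.NextRunTime
        Action       = $action
        Stale        = ($info.LastRunTime -lt (Get-Date).AddHours(-$MaxAgeHours))
    }
}
$report | Sort-Object EnrollmentId, Task | Format-Table -AutoSize

# A task that never succeeded or has not run inside the window explains a missing
# certificate request or renewal before you look anywhere else in the chain.
$problems = @($report | Where-Object { $_.Stale -or $_.LastResult -ne '0x00000000' })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) sync task(s) stale or failed; last 20 MDM client events:"
    Get-WinEvent -LogName 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin' `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-Table -Wrap
}
```

A result of `0x00041303` simply means the task has not run yet, which on a freshly enrolled device is expected until the first scheduled trigger fires.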