Verify NDES configuration on-premises for SCEP certificates in Intune
This article helps determine whether you have correctly configured your infrastructure to use Simple Certificate Enrollment Protocol (SCEP) certificates in Microsoft Intune.
This article can also be used to troubleshoot SCEP certificate deployment issues if your on-premises configuration has changed or is broken and needs validation.
Original product version: Microsoft Intune
Original KB number: 4490130
Verify NDES configuration on-premises for SCEP certificates
Open the Validate-NDESConfiguration.ps1 script and copy it to your NDES server.
On the NDES server, run PowerShell as administrator. You may have to change PowerShell ExecutionPolicy to Unrestricted to run the script.
Do not forget to change it back to the original setting once you are done.
Values for the following parameters are required:
This is the account that you created in the Accounts section of the Configure infrastructure to support SCEP with Intune.
The following format is used: Domain\<username>. For example: contoso\ndes.
Do not specify the root domain part of the account, such as contoso.lab\ndes, as this does not work.
This is the fully qualified domain name (FQDN) of your issuing certification authority (CA) server, such as dc2.contoso.lab.
This is the template name that is specified in the Configure the certification authority section of the Configure infrastructure to support SCEP with Intune.
When the Validate-NDESConfiguration.ps1 script is run, it displays a prompt.
Type Y to continue.
The Validate-NDESConfiguration.ps1 script continues and finishes all required checks.
When the Validate-NDESConfiguration.ps1 script is finished, you are prompted to generate a report.
Type Y or N to review the reports.
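The steps above can be wrapped so that the execution policy is relaxed for the current session only and checked afterwards. This is an added example, not part of the original article or of the script. It assumes the script is in the current directory and that it accepts the parameter names NDESServiceAccount, IssuingCAServerFQDN and SCEPUserCertTemplate (confirm with Get-Help); the CA name and template name are sample values.

```powershell
# Added example, not part of the original article or of Validate-NDESConfiguration.ps1.
# Assumptions: the script is in the current directory and accepts the parameter
# names used in $params below (confirm with Get-Help before running).
#Requires -RunAsAdministrator

$NdesAccount  = 'contoso\ndes'      # Domain\<username>, the format the article requires
$IssuingCa    = 'dc2.contoso.lab'   # FQDN of the issuing CA (sample value)
$TemplateName = 'SCEPTemplate'      # placeholder; use your own template name

# Reject the account form the article says does not work (contoso.lab\ndes).
$domain, $user = $NdesAccount -split '\\', 2
if (-not $user -or $domain -match '\.') {
    throw "Use Domain\<username> (for example contoso\ndes), not '$NdesAccount'."
}

# Snapshot every scope so the restore can be verified, not just assumed.
$before          = Get-ExecutionPolicy -List
$originalProcess = Get-ExecutionPolicy -Scope Process

try {
    # Process scope relaxes the policy for this session only;
    # the LocalMachine and CurrentUser settings are left untouched.
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force

    $params = @{
        NDESServiceAccount   = $NdesAccount
        IssuingCAServerFQDN  = $IssuingCa
        SCEPUserCertTemplate = $TemplateName
    }
    .\Validate-NDESConfiguration.ps1 @params
}
finally {
    # Runs even if the script fails, so the relaxed policy never outlives the check.
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy $originalProcess -Force

    $after = Get-ExecutionPolicy -List
    $drift = Compare-Object $before $after -Property Scope, ExecutionPolicy
    if ($drift) {
        Write-Warning "Execution policy differs from the original:`n$($drift | Out-String)"
    } else {
        Write-Host 'Execution policy restored to its original setting.'
    }
}
```

If a Group Policy scope (MachinePolicy or UserPolicy) sets the execution policy, the Process-scope change is overridden and Set-ExecutionPolicy reports an error instead of relaxing the policy.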