Verify NDES configuration on-premises for SCEP certificates in Intune

This article helps determine whether you have configured correctly your infrastructure to use Simple Certificate Enrollment Protocol (SCEP) certificates in Microsoft Intune.

This article can also be used to troubleshoot SCEP certificate deployment issues if your on-premises configuration has changed or is broken and needs validation.

Original product version:   Microsoft Intune
Original KB number:   4490130

Verify NDES configuration on-premises for SCEP certificates

  1. Open the Validate-NDESConfiguration.ps1 script and copy it to your NDES server.

    Screenshot of opening the Validate-NDESConfiguration.ps1 script.

  2. On the NDES server, run PowerShell as administrator. You may have to change PowerShell ExecutionPolicy to Unrestricted to run the script.


    Do not forget to change it back to the original setting once done .

  3. Values for the following parameters are required:

  4. The following screenshot occurs when the Validate-NDESConfiguration.ps1 script is run.

    Screenshot of running script.

  5. Type Y to continue.

  6. The Validate-NDESConfiguration.ps1 script continues and finishes all required checks.

    Screenshot of script finishes.

  7. When the Validate-NDESConfiguration.ps1 script is finished, you are prompted to generate a report.

    You're prompted to generate a report.

  8. Type Y or N to review the reports.