LogoLogo
LogoLogo
  • Welcome
  • Details
  • Editions
  • Use Cases
  • SCEPMAN Deployment
    • Getting Started
      • Standard Guide
      • Extended Guide
    • Permissions
      • Azure App Registration
      • Managed Identities
    • Deployment Options
      • Marketplace deployment
      • Enterprise deployment
      • Terraform deployment
    • Root CA
    • Intermediate CA
  • Certificate Management
    • Revocation
    • Microsoft Intune
      • Windows
        • Certificate Based Authentication for RDP
      • macOS
      • Android
      • iOS/iPadOS
      • Linux
    • Jamf Pro
      • General Configuration
      • Computers
      • Devices
      • Users
    • Other MDM Solutions
      • Google Workspace
        • ChromeOS
      • Kandji
      • Mosyle
      • SOTI MobiControl
    • Certificate Master
      • Manage Certificates
      • Certificate Signing Request (CSR)
      • TLS Server Certificate
      • Sub CA Certificate
      • Code Signing Certificate
      • Client Certificate
      • User Certificate
    • Domain Controller Certificates
    • Enrollment REST API
      • Self Service Enrollment
        • Intune Managed Linux Client
        • Unmanaged Linux Client
      • API Enrollment
        • Linux Server
        • Windows Server
  • Azure Configuration
    • Application Insights
    • App Service Sizing
      • Autoscaling
    • Custom Domain
    • Geo-Redundancy
    • Health Check
      • Using 3rd Party Monitoring
    • Log Management
    • Moving Resources
    • Private Endpoints
    • Split-Tenancy
  • Update Strategy
  • SCEPman Configuration
    • SCEPman Settings
      • Basics
      • Certificates
      • Certificate Master
      • CRL
      • Dependencies (Azure Services)
        • Azure KeyVault
        • Logging
        • Microsoft Entra ID (Azure AD)
        • National Cloud Platforms
      • Enrollment REST API
      • OCSP
      • SCEP Endpoints
        • DC Validation
        • Intune Validation
        • Jamf Validation
        • Static Validation
        • Static-AAD Validation
    • Certificate Master Settings
      • Basics
      • Microsoft Entra ID (Azure AD)
      • Logging
      • National Cloud Platforms
    • Application Artifacts
    • Certificate Master RBAC
    • Device Directories
    • Intune Strong Mapping
  • Other
    • Security & Privacy
    • Support
    • Licensing
      • Azure Marketplace
    • FAQs
      • General
      • Certificate Connector
      • Network Access Controllers
      • Renewing SCEPman Root CA
    • Troubleshooting
      • Common Problems
      • Certifried Security Vulnerability
      • Cisco ISE Host Header Limitation
      • Intune service discovery API permissions
      • Re-enrollment trigger
  • Uninstallation
  • Change Log
  • Links
  • SCEPman Website
Powered by GitBook
On this page
  • AppConfig:AzureCloudConfig:AzureADEndpoint
  • AppConfig:AzureCloudConfig:AzureADGraphEndpoint
  • AppConfig:AzureCloudConfig:AzureADGraphVersion
  • AppConfig:AzureCloudConfig:MSGraphEndpoint
  • AppConfig:AzureCloudConfig:KeyVaultEndpoint
  • AppConfig:AzureCloudConfig:ManagementEndpoint
  • AppConfig:AzureCloudConfig:IntuneAppId

Was this helpful?

  1. SCEPman Configuration
  2. SCEPman Settings
  3. Dependencies (Azure Services)

National Cloud Platforms

Last updated 8 days ago

Was this helpful?

These settings should only be applied to the SCEPman App Service, not the Certificate Master. Please refer to .

If you want to run SCEPman in a government / national cloud environment like GCC High, GCC DoD, or 21ViaNet, you have to alter some settings. If you run SCEPman in the standard Azure environment, just leave these settings empty to use the defaults. The following settings provide you the means to configure cloud-specific URLs and values if you are not using the standard Azure environment.

See also the if you want to log to a Log Analytics Workspace in a different cloud environment.

AppConfig:AzureCloudConfig:AzureADEndpoint

Linux: AppConfig__AzureCloudConfig__AzureADEndpoint

Value: URL as string

Description: This is the AAD logon URL. It defaults to https://login.microsoftonline.com.

For GCC High, use https://login.microsoftonline.us. For 21Vianet, use https://login.partner.microsoftonline.cn.

AppConfig:AzureCloudConfig:AzureADGraphEndpoint

Linux: AppConfig__AzureCloudConfig__AzureADGraphEndpoint

Value: URL as string

Description: This is the AAD Graph URL. It defaults to https://graph.windows.net/.

You may not need to configure this if you let SCEPman use only Microsoft Graph.

AppConfig:AzureCloudConfig:AzureADGraphVersion

Linux: AppConfig__AzureCloudConfig__AzureADGraphVersion

Value: string

Description: The version of AAD Graph to use. It defaults to 1.6.

AppConfig:AzureCloudConfig:MSGraphEndpoint

Linux: AppConfig__AzureCloudConfig__MSGraphEndpoint

Value: URL as string

Description: The URL of Microsoft Graph. It defaults to https://graph.microsoft.com.

For GCC High, use https://graph.microsoft.us. For GCC DoD, use https://dod-graph.microsoft.us. For 21Vianet, use https://microsoftgraph.chinacloudapi.cn.

AppConfig:AzureCloudConfig:KeyVaultEndpoint

Linux: AppConfig__AzureCloudConfig__KeyVaultEndpoint

Value: URL as string

Description: The URL of Azure Key Vaults. It defaults to https://vault.azure.net.

For GCC High, use https://vault.usgovcloudapi.net. For 21Vianet, use https://vault.azure.cn.

AppConfig:AzureCloudConfig:ManagementEndpoint

Linux: AppConfig__AzureCloudConfig__ManagementEndpoint

Value: URL as string

Description: The URL of the Intune API. It defaults to https://api.manage.microsoft.com.

For GCC High, use https://api.manage.microsoft.us.

AppConfig:AzureCloudConfig:IntuneAppId

Linux: AppConfig__AzureCloudConfig__IntuneAppId

Value: Guid as string

Description: The well-known Intune App ID. It defaults to 0000000a-0000-0000-c000-000000000000.

SCEPman Settings
Logging configuration