SCEPman
Search…
Intune Validation

AppConfig:IntuneValidation:ComplianceCheck

Experimental Setting - Applicable to version 1.7 and above.
SCEPman Enterprise Edition only
Before version 1.9, due to delayed compliance state evaluation during enrollment this feature breaks Windows Autopilot enrollment. After certificate deployment the immediate following OCSP check will return 'not valid' during enrollment time and the Autopilot process will not succeed.
With version 1.9 and above, clients receive an "Ephemeral Bootstrap Certificate" during the enrollment phase that is later replaced with a regular client certificate, as soon as the client becomes compliant.
Value: Always or Never
Description: When SCEPman receives an OCSP request, SCEPman can optionally check the device compliance state. When set to Always SCEPman will query the device compliance state and the OCSP result can only be GOOD if the device is also marked as compliant in Azure AD.
Settting this to Never will disable the compliance check.

AppConfig:IntuneValidation:WaitForSuccessNotificationResponse

Applicable to version 1.6 and above
Value: true or false
Description: After a certificate was successfully issued, SCEPman sends a notification about the certificate to Intune. Microsoft recommends to wait for the response in its specification. However, some instances show long delays resulting in timeouts occasionally. Therefore True is the default.
Setting this to False makes SCEPman return the issued certificate before Intune answers to the notification. This is against the letters of the specification, but increases performance and avoids timeouts in instances where this issue arises.

AppConfig:IntuneValidation:ValidityPeriodDays

Applicable to version 1.7 and above
Value: Positive Integer
Description: This setting further reduces the global ValidityPeriodDays for the Intune endpoint.
Last modified 1mo ago