Applies to: Nerdio Manager for MSP (NMM) v2.4+
Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). IT admins can upload MSIX app packages to Intune, to deploy applications to end-users. If an MSIX package is signed with a custom certificate, the certificate must be installed on the end-user PC for the application to work correctly.
Using certificates for authentication helps end-users access various applications without the need to enter usernames or passwords. Certificates provide seamless access through the following two phases:
- Authentication phase: The user’s authenticity is checked to confirm the user is who they claim to be
- Authorization phase: The user is subjected to conditions for which a determination is made on whether the user should be given access
Let us understand how you can manage your Intune certificates using the NMM portal.
Note: A certificate should be uploaded before assigning an application to groups.
Managing Intune certificates
Navigate to INTUNE > Apps page and scroll down to "Certificates for MSIX Apps" section:
By default, the Certificates for MSIX Apps section is hidden:
Click Settings 'gear' icon and disable Hide this section toggle to view the list of existing certificates:
Click Add certificate button to add a new certificate:
On Add certificate pop-up, enter the following details:
- Name: Enter a suitable name for your certificate
- Description: Enter a short description
- Certificate: Click Browse button to upload the certificate file. Note: Use .cer file(s) to make certificates available to cloud PC desktops. You can export the certificate from a Windows computer where it is installed. Make sure to use "Base-64 encoded X.509" format.
- Add all users: Check this option to apply the certificate to all users
- Add all devices: Check this option to apply the certificate to all devices
- Groups: Select group names from the drop-down. The certificate will be installed on desktops of members of selected groups if the members have Intune license. Note: Select Groups option will be disabled if you select Add all users or Add all devices option
- Click OK button to confirm action
To edit an existing certificate, select a certificate and click Edit button next to it:
On Edit certificate pop-up, you can update the name, description, upload new certificate file or change settings for user/device/group as shown below:
Click OK button to confirm action.
To delete an existing certificate, select a certificate and click Delete button next to it:
On the confirmation pop-up, click OK button:
You can search your certificates by typing in the certificate name in the search bar:
You can track the progress of your Intune apps or Intune certificate-related tasks under Apps tasks section. You can search tasks based on task name, username, or filter tasks based on their status (COMPLETED, IN PROGRESS, ERROR):