Submit a request

Nerdio Help Center

Overview of Intune certificates

Applies to: Nerdio Manager for MSP (NMM) v2.4+

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). IT admins can upload MSIX app packages to Intune, to deploy applications to end-users. If an MSIX package is signed with a custom certificate, the certificate must be installed on the end-user PC for the application to work correctly.



Using certificates for authentication helps end-users access various applications without the need to enter usernames or passwords. Certificates provide seamless access through the following two phases:

  • Authentication phase: The user’s authenticity is checked to confirm the user is who they claim to be
  • Authorization phase: The user is subjected to conditions for which a determination is made on whether the user should be given access

Let us understand how you can manage your Intune certificates using the NMM portal.

Note: A certificate should be uploaded before assigning an application to groups.

Managing Intune certificates

Navigate to INTUNE > Apps page and scroll down to "Certificates for MSIX Apps" section:


By default, the Certificates for MSIX Apps section is hidden:


Click Settings 'gear' icon and disable Hide this section toggle to view the list of existing certificates:


Click Add certificate button to add a new certificate:


On Add certificate pop-up, enter the following details:

  • Name: Enter a suitable name for your certificate
  • Description: Enter a short description
  • Certificate: Click Browse button to upload the certificate file. Note: Use .cer file(s) to make certificates available to cloud PC desktops. You can export the certificate from a Windows computer where it is installed. Make sure to use "Base-64 encoded X.509" format.
  • Add all users: Check this option to apply the certificate to all users
  • Add all devices: Check this option to apply the certificate to all devices
  • Groups: Select group names from the drop-down. The certificate will be installed on desktops of members of selected groups if the members have Intune license. Note: Select Groups option will be disabled if you select Add all users or Add all devices option
  • Click OK button to confirm action


To edit an existing certificate, select a certificate and click Edit button next to it:



On Edit certificate pop-up, you can update the name, description, upload new certificate file or change settings for user/device/group as shown below:


Click OK button to confirm action.

To delete an existing certificate, select a certificate and click Delete button next to it:


On the confirmation pop-up, click OK button:


You can search your certificates by typing in the certificate name in the search bar:


You can track the progress of your Intune apps or Intune certificate-related tasks under Apps tasks section. You can search tasks based on task name, username, or filter tasks based on their status (COMPLETED, IN PROGRESS, ERROR):


Was this article helpful?
0 out of 0 found this helpful
Important Notification for NFA Partners Only
  • Microsoft is sunsetting Azure Classic (not Azure Virtual Desktop (AVD)) - Microsoft Article
  • NFA sunset occurs February 20th, 2023
  • NFA will be fully supported until the official sunset -


Please sign in to leave a comment.