Enrollment flow
BigFix MCM supports certificate management and certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- Deploy the SCEP Group policy on to the MDM server.
- Enroll a device using OTA enrolment method
- Login to MDM server and navigate to respective MDM service log path i.e Windows/Apple
- Check the logs whether any errors found during the enrolment.
NEXT > NEXT
Result
- No enrollment errors in the MDM logs.
- Enrolment is successful. It invokes the SCEP certificate.
- User is able to see the certificate in certmgr.msc
- The certificate name is created using subject name that is mentioned in the
SCEP profile.
-
Login to the enrolled device, run the
"certmgr.msc"
cmd in run box, and navigate to the Personal > Certificates -
Check the certificate that is created with the subject name that is issued.
-