Hi Gmorrallee,

Why are you using SCEP to deploy certificates to Azure AD joined devices? It is much easier to deploy certificates from your internal CA environment when using a PKCS certificate profile in Intune. With that you only need the certificate connector set up and the correct certificate template requirements. Then you configure the PKCS certificate profile and you have your certificate on the device.

The requirements are:

- Compatibility set to Win7/2008R2 or higher
- Private key exportable
- Subject name: supply in the request
- For deployment with the certificate connector, you need to give the server that has the certificate connector installed, or a service account set up for that, certificate enroll permissions on the certificate template.

For the rest you can leave everything default. This is for a user certificate. I don't know by heart if a device certificate has any different requirements.

Hopefully this helps.
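An added example, not part of the reply above: a small audit of exported certificate template attributes against the listed requirements, which also flags broad groups holding Enroll on a template where the requester supplies the subject. The dictionary layout, template names, account name and `audit_template` helper are assumptions; the attribute names and flag bits are the AD CS template ones.

```python
# Added example: sample templates and the account name are constructed.

# Flag bits defined for certificate template attributes (MS-CRTD).
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001  # in msPKI-Certificate-Name-Flag
CT_FLAG_EXPORTABLE_KEY = 0x00000010             # in msPKI-Private-Key-Flag

# Groups that should not hold Enroll when the requester chooses the subject.
BROAD_PRINCIPALS = {"Authenticated Users", "Domain Users",
                    "Domain Computers", "Everyone"}

CONNECTOR = "CONTOSO\\svc-intune-connector"  # hypothetical service account

GOOD_TEMPLATE = {
    "name": "Intune-PKCS-User",
    "msPKI-Certificate-Name-Flag": 0x1,
    "msPKI-Private-Key-Flag": 0x01010010,
    "enroll_principals": [CONNECTOR],
}
WEAK_TEMPLATE = {
    "name": "Copy-of-User",
    # AD returns these as signed 32-bit integers; this one builds the
    # subject from AD, so the supply-in-request bit is clear.
    "msPKI-Certificate-Name-Flag": -1509949440,
    "msPKI-Private-Key-Flag": 0x0,
    "enroll_principals": ["Authenticated Users"],
}


def audit_template(template, connector_principal):
    """Return a list of findings; an empty list means the template matches."""
    findings = []
    if not template["msPKI-Certificate-Name-Flag"] & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT:
        findings.append("subject name is not 'supply in the request'")
    if not template["msPKI-Private-Key-Flag"] & CT_FLAG_EXPORTABLE_KEY:
        findings.append("private key is not exportable")
    enrollers = set(template["enroll_principals"])
    if connector_principal not in enrollers:
        findings.append(f"{connector_principal} lacks Enroll permission")
    for principal in sorted(enrollers & BROAD_PRINCIPALS):
        findings.append(f"broad group '{principal}' can enroll and supply its own subject")
    return findings


if __name__ == "__main__":
    for tpl in (GOOD_TEMPLATE, WEAK_TEMPLATE):
        print(tpl["name"], audit_template(tpl, CONNECTOR) or "OK")
```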