Thank you, gosh yes ignore my strong wording in hindsight. Thanks for your well thought out responses! ... View more

Unfortunately your post is pointless!  Everyone already knows how to get user certs to work on inTune devices. The whole point of the issue is trying to have Intune only devices connect with device certs - so connected before user logins. We obviously don't want to join these in a hybrid manner on prem, we're rolling off on prem, these devices are NON DOMAIN JOINED/non hybrid joined. Not in Active Directory, only AAD. Thank you though!  ... View more

Ugh dealing with Microsoft support, there goes weeks of going round in circles.  Sounds like our Infrastructure is exactly the same as yours.  I am thinking to just try importing the cloud SCEP cert (in our case SCEPMan cert) in to the Radius server Trusted Root Certificates. Then there seems to be an option to add additional certs in the Microsoft NPS settings. (currently its using the PKI cert assigned to the RADIUS server)  Playing with this risks breaking our current wifi and RADIUS servers though.  I'm currently talking to Glueck Kanja who have been very helpful - I'll let you know if we get anywhere.  Thanks again!  ... View more

Did you ever work this out? I can't believe such a simple part of the puzzle isnt really in any documentation anywhere- how do you configure Microsoft's NPS server to use these cloud SCEP certs for authentication? How do we add an external cert to the trusted lists within the NPS settings.    I dont really see any of these replies succinctly giving you this answer.  ... View more