by lunarg on November 2nd 2020, at 13:45

The Intune Certificate Connector allows users and devices managed by Intune (joined in Azure AD) to (auto-)enroll certificates from an Active Directory Certificate Authority, either on-premises or in Azure. The connector is a piece of software that allows Intune to enroll and issue certificates on behalf of users/devices that aren't joined directly to the local AD but are joined to Azure AD instead. It needs to be installed on a server in the same AD domain as the Certificate Authority.

The installation is outlined here, but it isn't entirely complete as it omits a few requirements. After the installation, you are required to enter the credentials of an account with Azure Global administrator permissions, but this is only part of the requirement. The account you use needs to be licensed for Intune, otherwise the registration process for the connector will fail with this error:

In short, these are the things to check when installing and registering ("enrolling" as they call it during the setup process):

  • IE ESC (Internet Explorer Enhanced Security Configuration) needs to be disabled on the server running the connector for the account you are logged in with.
  • The user you use to sign in to register the connector needs to have a license for Intune.
  • The user you use to sign in to register the connector needs to be a Global Administrator.

Once the connector is registered (i.e. it is visible in the list of Certificate connectors in Intune), the user no longer needs to be a Global Administrator and no longer needs to have a license for Intune.
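The three checks above can be run as a pre-flight script on the connector server. This is an added example, not part of the original post. It assumes the Microsoft.Graph PowerShell SDK is installed, that the account's license exposes Intune as the `INTUNE_A` service plan, and that the role is assigned directly; `$Upn` is a placeholder for the account used to register the connector.

```powershell
# Added example: pre-flight check for the connector registration requirements.
# Assumptions: Microsoft.Graph SDK installed; Intune appears as service plan 'INTUNE_A'.
param([Parameter(Mandatory)][string]$Upn)   # account that will register the connector

$results = @()

# 1. IE ESC state on this server. IsInstalled = 0 means ESC is disabled for that group.
$base    = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
$escKeys = [ordered]@{
    Administrators = '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
    Users          = '{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
}
foreach ($group in $escKeys.Keys) {
    $key   = Join-Path $base $escKeys[$group]
    $value = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).IsInstalled
    $results += [pscustomobject]@{ Check = "IE ESC disabled ($group)"; Pass = ($value -eq 0) }
}

# 2 + 3. License and role of the registering account, read from Microsoft Graph.
Connect-MgGraph -Scopes 'User.Read.All', 'Directory.Read.All' | Out-Null

# An enabled Intune service plan inside any license assigned to the user.
$plans     = (Get-MgUserLicenseDetail -UserId $Upn).ServicePlans
$hasIntune = [bool]($plans | Where-Object {
    $_.ServicePlanName -eq 'INTUNE_A' -and $_.ProvisioningStatus -eq 'Success'
})
$results += [pscustomobject]@{ Check = 'Intune license assigned'; Pass = $hasIntune }

# Global Administrator is identified by its fixed role template ID.
# Only direct, currently active role memberships are returned here.
$gaTemplateId = '62e90394-69f5-4237-9190-012177145e10'
$isGlobalAdmin = [bool](Get-MgUserMemberOf -UserId $Upn -All | Where-Object {
    $_.AdditionalProperties['roleTemplateId'] -eq $gaTemplateId
})
$results += [pscustomobject]@{ Check = 'Global Administrator role'; Pass = $isGlobalAdmin }

$results | Format-Table -AutoSize

# Non-zero exit code if any requirement is not met, so the check can gate the install.
if ($results.Pass -contains $false) { exit 1 }
```

Once the connector shows up in Intune and the role and license have been removed again, re-running the script should report both of those checks as failed, which confirms the account no longer holds the elevated rights.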

 
 