Ryan Fisher on Nostr: So I'm setting up the whole Intune Certificate Connector for Azure. I've got firewall ...
So I'm setting up the whole Intune Certificate Connector for Azure. I've got firewall etc. and conditional access. The separate NDES servers have keys that are HSM protected. Is there anything else I need to worry about?
Intune does add an NDES policy module which adds some RA-level authentication for the SCEP service, but it still feels "icky" to have an exposed SCEP endpoint.
Published at
2023-06-04 23:54:25
Event JSON
{
"id": "4e970ee527caf49cc3ebadce5f840b9b4769dbcf93465a38e5ef86b21d795b4b",
"pubkey": "8ce245fb2e650783cbe4b671c3079fb8ecba288d9abf5957dca7afc54402e786",
"created_at": 1685922865,
"kind": 1,
"tags": [
[
"mostr",
"https://infosec.exchange/users/wryanfisher/statuses/110488640890441418"
]
],
"content": "So I'm setting up the whole Intune Certificate Connector for Azure. I've got firewall etc. and conditional access. The separate NDES servers have keys that are HSM protected. Is there anything else I need to worry about?\n\nIntune does add a NDES policy module which adds some RA level authentication for the SCEP service, but it still feels \"icky\" to have an exposed SCEP endpoint.",
"sig": "f0f47d6f264e18817fb34fde6591c8516c4d916470ff28f147446a2983df63864692c9ead381e8a2222b6858a6d2ff3b6e0edba4a413637337c7fcee9b5efe70"
}