Product Documentation

Managing Security and Identity

Jun 05, 2013

In Device Manager, you use certificates to create secure connections and authenticate users.

To establish a secure connection, a server certificate is required at one end of the connection. A root certificate of the Certificate Authority (CA) that issued the server certificate is required at the other end.

  • Server certificate. A server certificate certifies the identity of a server. Device Manager requires this type of digital certificate.
  • Root certificate. A root certificate identifies the CA that signed the server certificate. The root certificate belongs to the CA. The user device requires this type of digital certificate to verify the server certificate.

You can submit certificates for signing to a CA who signs the certificate and returns it to you.

In addition to certificates, you can configure security and identity in Device Manager in the following ways:

  • Configure Device Manager by using Microsoft Certificate Services to generate user certificates for certificate-based authentication with WIFI, VPN, and Exchange ActiveSync profiles. You can also configure Device Manager as the CA to generate requests and to issue device identity certificates with Microsoft Certificate Services.
  • Configure your own SAML service and identify provider in Device Manager. The SAML-based infrastructure can authenticate users and their mobile devices.
  • Include Secure Device in your license that is activated automatically when you install Device Manager. Secure Device provides a strong level of security for user devices.
  • Enable Strong ID that is a form of two-factor authentication. This provides extra security when enrolling devices in Device Manager.
  • Configure filters in Device Manager that work with Network Access Control. Filters set users devices to be either compliant or not compliant. If a device is not compliant, the device is blocked from accessing the internal network.