You can configure
Device Manager with Microsoft Certificate Services to generate user
certificates for certificate-based authentication with WIFI, VPN, and Exchange
ActiveSync profiles. You can also configure Device Manager as a Registration
Authority to generate requests and to issue device identity certificates with
Microsoft Certificate Services.
In addition, you can
configure Device Manager to use external SSL server certificates and digital
signature certificates from other PKI-trusted certificate authorities.
Changing the digital signature certificate or the SSL certificate authority
will disable the management of currently enrolled devices and require a
re-enrollment across all devices.
Device Manager can
make certificate requests to Microsoft Certificate Services through web
enrollment to enable certificate-based authentication for WIFI, VPN, and
Exchange ActiveSync profiles. Device Manager does this by acting as a client to
Microsoft Certificate Services and requesting certificates on behalf of users
with enrolled devices. This section describes how to create a Microsoft
Certificate Server entity and configure Device Manager to request certificates
for users enabling certificate-based authentication.