You can configure Device Manager with Microsoft Certificate Services to generate user certificates for certificate-based authentication with WIFI, VPN, and Exchange ActiveSync profiles. You can also configure Device Manager as a Registration Authority to generate requests and to issue device identity certificates with Microsoft Certificate Services.
In addition, you can configure Device Manager to use external SSL server certificates and digital signature certificates from other PKI-trusted certificate authorities.
Caution: Changing the digital signature certificate or the SSL certificate authority will disable the management of currently enrolled devices and require a re-enrollment across all devices.
Device Manager can make certificate requests to Microsoft Certificate Services through web enrollment to enable certificate-based authentication for WIFI, VPN, and Exchange ActiveSync profiles. Device Manager does this by acting as a client to Microsoft Certificate Services and requesting certificates on behalf of users with enrolled devices. This section describes how to create a Microsoft Certificate Server entity and configure Device Manager to request certificates for users enabling certificate-based authentication.