What is SCEP? Simple Certificate Enrollment Protocol Explained
SCEP (Simple Certificate Enrollment Protocol) is a common way to auto-enroll managed devices for X.509 certificates using your MDM, enabling passwordless access for Wi-Fi, VPN, and apps (often via EAP-TLS and 802.1X)
In this video, you’ll learn
What SCEP is and where it fits in an MDM + PKI architecture
The core components of a SCEP gateway (URL, CA, templates, shared secret, signing certificate)
How SCEP enrollment works end to end (profile, CSR, issuance, install, authentication)
Common variations and implementation considerations across platforms (Intune, Jamf, NDES)
Renewal and CA rollover basics
How SCEP compares to newer enrollment options like EST and ACME
Chapters
00:00 What is SCEP
01:05 Where SCEP fits (MDM, PKI, EAP-TLS, 802.1X)
02:30 SCEP gateway components you actually need
05:40 The SCEP enrollment flow (device request to issued certificate)
09:10 Shared secret and signing certificate considerations
11:30 SCEP variations (Intune, Jamf proxy, Microsoft NDES)
14:20 Certificate renewal vs CA rollover
16:40 SCEP vs EST vs ACME
19:10 High-level configuration checklist
21:15 Closing and next steps
Resources
Full guide: https://www.securew2.com/blog/simple-...
Managed PKI solutions: https://www.securew2.com/solutions/ma...
Intune SCEP CA integration: https://www.securew2.com/documentatio...
Jamf SCEP enrollment validation: https://www.securew2.com/documentatio...
Looking to roll out certificate-based access at scale
Start with the guide above, then reach out for implementation support and architecture guidance
Disclaimer
This content is for informational purposes and does not constitute security, legal, or compliance advice
#SCEP #PKI #MDM #802.1X