Skip to content

Install-MSIntuneNDESServer

SYNOPSIS

Prepare a Windows server for SCEP certificate distribution using NDES for Microsoft Intune.

SYNTAX

Install-MSIntuneNDESServer [-CertificateAuthorityConfig] <String> [-NDESTemplateName] <String>
 [-NDESExternalFQDN] <String> [-RegistrationAuthorityName] <String> [-RegistrationAuthorityEmail] <String>
 [-RegistrationAuthorityCompany] <String> [-RegistrationAuthorityDepartment] <String>
 [-RegistrationAuthorityCity] <String> [-RegistrationAuthorityState] <String> [-WhatIf] [-Confirm]
 [<CommonParameters>]

DESCRIPTION

This script will prepare and configure a Windows server for SCEP certificate distribution using NDES for Microsoft Intune. For running this script, permissions to set service principal names are required including local administrator privileges on the server where the script is executed on.

EXAMPLES

EXAMPLE 1

# Install and configure NDES with verbose output:

Install-MSIntuneNDESServer -CertificateAuthorityConfig "SRVCAISSUE01.gentgrp.gent.be\GENT SECURE SHA256 CA01" -NDESTemplateName "NDESIntune" -NDESExternalFQDN "scep.stad.gent" -RegistrationAuthorityName "SRVINTONPR01-MSCEP-RA" -RegistrationAuthorityEmail "certificaatbeheer@stad.gent" -RegistrationAuthorityCompany "District09" -RegistrationAuthorityDepartment "Systeembeheer" -RegistrationAuthorityCity "Gent" -RegistrationAuthorityState "Oost-Vlaanderen" -Verbose

PARAMETERS

-CertificateAuthorityConfig

Define the Certificate Authority configuration using the following format: \<IssuingCAFQDN>\\<CACommonName>.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-NDESTemplateName

Define the name of the certificate template that will be used by NDES to issue certificates to mobile devices. Don't specify the display name.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-NDESExternalFQDN

Define the external FQDN of the NDES service published through an application proxy, e.g. ndes-tenantname.msappproxy.net.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RegistrationAuthorityName

Define the Registration Authority name information used by NDES.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RegistrationAuthorityEmail

Define the Registration Authority email information used by NDES.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RegistrationAuthorityCompany

Define the Registration Authority company information used by NDES.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RegistrationAuthorityDepartment

Define the Registration Authority department information used by NDES.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RegistrationAuthorityCity

Define the Registration Authority city information used by NDES.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 8
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RegistrationAuthorityState

Define the Registration Authority State information used by NDES.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 9
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

FileName: Install-MSIntuneNDESServer.ps1 Author: Nickolaj Andersen Contact: @NickolajA Created: 2018-06-17 Updated: 2022-02-09

Version history: 1.0.0 - (2018-06-17) Script created 1.0.1 - (2022-02-09) Script updated for D09