Simplify Endpoint Security with Microsoft Intune and Microsoft Cloud PKI


In February 2024, Microsoft released its Cloud PKI (public key infrastructure) service as part of its existing Intune endpoint security suite. This service can drastically reduce costs and eliminate the need for on-premise servers to manage device and app certificates.

Traditionally, PKI infrastructure management requires extensive expertise and can be a major challenge for organizations that want to maintain security best practices while also keeping their costs in check. Intune Cloud PKI offers businesses a way to simplify and streamline their certificate management through a cloud-based solution.

Below, we’ll cover exactly what Cloud PKI is and how it fits into the broader Intune Suite endpoint ecosystem. We’ll also help you understand how it can benefit your organization and help you reduce your overall IT costs while improving device and app security.


What is Intune Cloud PKI

Intune Cloud PKI is a 100% cloud-based system for managing an organization’s public key infrastructure (PKI). PKI certificates are necessary to validate devices and apps that access a company’s network. These certificates can be created, modified, or revoked as devices, data, and apps move through their lifecycle.

With Intune Cloud PKI, all of these certificates can now be managed in the cloud through a web-based interface. Previously, these certificates needed to be managed via on-premise physical servers. This created significant expense and technical overhead, as servers needed to be procured, maintained, and managed, and it made scaling more difficult for businesses.

With Microsoft's Cloud PKI, businesses can now easily scale their PKI infrastructure and adapt to changing work environments.

Features of Intune Cloud PKI

Cloud PKI offers several new features, many of which are designed to work synergistically with Microsoft Intune Suite. Below are some of the key benefits that Cloud PKI offers:

  • Complete Endpoint Management - With Cloud PKI, an organization can now manage its certificates in the same software suite as it manages its endpoints. This creates a new synergy and improves overall efficiency when deploying and managing devices, data, or apps.
  • Reduce Complexity - With a streamlined certificate process and easier web interface, certificate management is made less technical through Cloud PKI. IT personnel can now manage this task without the same level of expertise required before. This allows your most talented team members to focus on more critical tasks instead of repetitive certificate management.
  • Fast Migration To The Cloud - With an on-premise PKI solution, there can be long deployment times that involve budgets, procurement, and physical installation. This process can span several departments and take weeks or even months to complete. With Cloud PKI, implementation and roll-out are significantly faster. In many cases, migration can be done in a day or less.
  • Automate For Efficiency & Security - Automation is key to reducing costs and improving efficiency across IT. Cloud PKI allows for automated certificate revocation as devices go through their lifecycle. Without this automation, manual certificate management can allow older devices to continue having access to a network’s resources, posing a security risk.
  • Certificates For Network Assets - Cloud PKI can manage certificates for devices, apps, and data. It can also manage certificates for assets such as Wi-Fi, VPNs, and other resources.
  • Dashboards - Cloud PKI gives you instant insights into your entire endpoint security and certificate infrastructure. Quickly use filters or other search parameters to find certificates or troubleshoot issues. You can easily identify all of your current certificates and see how many are active, revoked, or expired. These dashboards are readily accessible from the main Cloud PKI web interface.
  • Easier Compliance With Best Practices - Having a centralized cloud platform for PKI management makes it easier for SMBs to adhere to security best practices. For businesses dealing with security compliance requirements, migrating to Cloud PKI can make the process much easier.

What to Keep In Mind with Intune & Cloud PKI

Endpoint security can be one of the more difficult IT tasks for businesses to manage. The costs and expertise involved can be significant, especially in today’s modern remote and changing work environment.

PKI management can also be a challenge for smaller businesses that may not have the resources required to properly address this critical component of endpoint security. Microsoft Intune & Cloud PKI offers businesses a cost-effective way to maintain security and simplify their overall endpoint security. Cloud PKI adds a key feature to the already efficient Intune Suite and lets businesses use certificate-based authentication (CBA) as they move towards a more streamlined passwordless system.

At Hypershift Technologies, we help businesses quickly manage their migration to the cloud. Whether you’re already an Intune Suite user and need to add Cloud PKI or you need to implement a cloud endpoint solution for the first time, Hypershift is there to help. Hypershift can fully plan and deploy your migration to Cloud PKI so you can immediately start to leverage the cost-savings and security benefits. We can also help with ongoing management and further scaling as your business needs change. Contact Hypershift today to learn more about Microsoft Intune Suite & Cloud PKI and how we can help your business reduce costs and improve security.

FAQ: Microsoft Intune & Cloud PKI

Below are some common questions and answers that new and existing users of Microsoft Intune Suite might have regarding the new Cloud PKI service.

Will There Be A Trial Period For Cloud PKI?

Yes. Cloud PKI will officially be released in February 2024 as a standalone or add-on product. It will also be available as part of the Intune Suite. Starting March 1st, 2024, you can access Cloud PKI services on a trial basis. The trial is limited to 250 users and is valid for 90 days.

How Much Does Cloud PKI Cost?

As a standalone or add-on, Cloud PKI will cost $2 per user/month. Cloud PKI will be included with the complete Intune Suite, which is available for $10 per user/month.

Can Cloud PKI Use S/MIME Certificates?

S/MIME will be supported through certain Intune and Cloud PKI services. You will be able to use Cloud PKI with the SCEP configuration profile for signing certificates. For encryption, Intune will be able to import PKCS certificate profiles.

Can I Use Azure Key Vault With Cloud PKI To Issue Certificates?

No. Currently, you cannot add a Cloud PKI certificate authority to Azure Key Vault to issue certificates. Microsoft has stated they are contemplating the addition of this integration if there is a demand for it.

Will Cloud PKI Support An External, Offline-Created Certificate Authority?

Many businesses and organizations require that a redundant external, offline-created Certificate Authority be implemented. Cloud PKI will fully support this type of architecture if your business requires it for security or compliance.

How Are Certificate Requests Handled?

During the initial release, only devices already enrolled through Microsoft Intune using the SCEP certificate profile will be able to request certificates. Depending on demand, further release versions may increase the options for certificate requests and protocol support. Currently, Cloud PKI will only support SCEP.

What Devices Can Certificates Be Automated For?

Currently, Cloud PKI supports the automated issuing, revoking, and removal of certificates for devices enrolled and managed through Intune. Other certificate enrollment protocols such as ACME are being investigated and may be supported for automation in a later release version.