Windows MDM bulk enrollment flow - Key usage not coming as a part of CSR RRS feed

  • Question

  • Hi All,

    We are trying for bulk enrollment work flow in case windows 10 MDM desktop devices.

    Below are the steps we are following.

    1)windows 10 MDM Device requests for SCEP policy from Server.

    2) Server issues SCEP policy which has key usage property set as below.

    <keySpec xsi:nil=\"true\"/>
    <permissions xsi:nil=\"true\"/>
    <cryptoProviders xsi:nil=\"true\"/>

    3) server provides certificates to the windows 10 devices after receiving the CSR from the devices.

    However CSR is not having key usage parameters set even server has provided the SCEP policy.

    4) We have also tried passing Extended key usage in SCEP policy. That also didn't help.


    Can we get any information on why the "Keyusage" property is not set in CSR? Do we need to set any additional attributes also in SCEP policy? Any suggestions would be of great help.



    Wednesday, April 10, 2019 5:53 AM