[Windows 8.1] UPN and SID for Certificate enroll on behalf of web service RRS feed

  • Question

  • Hi,

    I am investigating on the "EOBO" in Windows 8.1 Enterprise MDM Protocol document. 

    In the document, it seems like that the EOBO requires both UPN and SID. 

    However, in the document, an example request command is stated as follows.

    <ac:ContextItem Name="EnrollmentOnBehalfOfUser"> <ac:Value>{UPN}</ac:Value>

    It seems like you don't need the SID value in the request command. Am I correct?

    Tuesday, October 14, 2014 4:18 AM


All replies

  • You are correct. You don't need SID in the request command. However, you have to configure the registry with both SID and UPN for Enrollment on behalf of.
    Tuesday, October 14, 2014 3:22 PM
  • Hi, RashimiA-MSFT,

    Thanks for the replay and confirmation.

    Noted about the registry. Thanks!

    Wednesday, October 15, 2014 12:40 AM