This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 78%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Hello Intune Guru.
I have a question about secure intune. I have seen some organizations using SCEP in combination with Intune MDM. What is the benefit of using SCEP withe Intune?
Also, my organization thinking about creating Intune Autopilot to enroll Windows 11. Since 95% of our security settings in on GPOs, and Intune policies is not the same as GPO. How can we apply the same security settings from GPO to Intune MDM Autopilot devices.
Thanks for your help.
SCEP (Simple Certificate Enrollment Protocol) is a protocol that allows devices to securely enroll for and retrieve digital certificates. When used with Microsoft Intune, SCEP can provide the following benefits:
Overall, SCEP allows for secure and automated management of digital certificates on devices, which can help improve the security of the device and the organization's network.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@brichardi, Thanks for posting in Q&A.
Intune supports use of the Simple Certificate Enrollment Protocol (SCEP) to authenticate connections to your apps and corporate resources. When your infrastructure supports SCEP, you can use Intune SCEP certificate profiles (a type of device profile in Intune) to deploy the certificates to your devices.
https://video2.skills-academy.com/en-us/mem/intune/protect/certificates-scep-configure
To find if the setting in GPO exists on Intune, you can try the feature "Group Policy analytics". You can see more details in the following link:
https://video2.skills-academy.com/en-us/mem/intune/configuration/group-policy-analytics
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@brichardi, Long time not heard from you. I am writing to see if there's anything else we can help. If yes, feel free to let us know.
I've tried importing my GPO into Intune Group Policy Analytic, but unfortunately, less than 1/3 of the GPO setting is compatible with Intune Group Policy Analytic.
My next course of action would be implement Windows 10 Always On for all the laptop using remotely.
Thanks
@brichardi, Thanks for letting us know the status. For the policy not available, you can also try if the following feature can help:
If there's anything else we can help during this time, feel free to let us know.
I tried to import the GPO into intune, but unfortunately less than 1/3 of the settings is compatible with Intune group policy analysis.
My next steps is trying Windows 10 Always on VPN to see if the remote laptops will get all of the security settings from GPO.
@brichardi, Thanks for the reply. I notice you ae deploying VPN. If there's any more we can help, feel free to let us know.