The article by Michael Meier (MVP Microsoft Intune) discusses Cloud PKI, a new Intune Suite feature introduced with Service Release 2402. With Cloud PKI, you can use Client Authentication certificates on all Intune-managed devices without deploying your own PKI or the Intune SCEP Connector. Everything can be managed within Intune.

There are two ways to deploy Intune Cloud PKI: a fully cloud-managed option, which includes a Root and Intermediate CA within Intune, or an option that builds on an existing PKI, where you keep your existing Root CA and deploy only an Intermediate CA in Intune.

The article provides a step-by-step guide on how to set up a full Cloud PKI experience without using an existing on-premises PKI, as well as how to set up an Intermediate CA using your own Root PKI. It also explains how to configure the SCEP URI, which is needed to create a SCEP Configuration Profile.