- Introduction to Windows 10 deployment with BlackBerry UEM
- Checklist for managing devices with UEM only
- Checklist for managing devices with UEM and SCCM
- Enrolling Windows 10 devices with BlackBerry UEM
- Enrolling a device to be managed with BlackBerry UEM
- Enrolling an unmanaged device with BlackBerry Access for Windows
- Setting up UEM policies and profiles to manage Windows 10 devices
- Import SCCM group policies to UEM
- Restricting or allowing device capabilities
- Setting device password requirements
- How BlackBerry UEM chooses which IT policy to assign
- Creating and managing IT policies
- Sending certificates to devices using profiles
- Setting up work email for devices
- Using Exchange Gatekeeping
- Setting up work VPNs for devices
- Setting up work Wi-Fi networks for devices
- Enforcing compliance rules for devices
- Setting up Windows Information Protection for Windows 10 devices
- Managing Windows 10 devices that are enrolled in UEM and SCCM
- Configuring UEM to manage apps for Windows 10 devices
- Connecting BlackBerry UEM to Microsoft Azure
- Specify the shared network location for storing internal apps
- Add a Windows 10 app to the app list
- App behavior on Windows 10 devices
- Setting up network connections for BlackBerry Dynamics apps
- Remote management for Windows 10 devices
- Managing Windows 10 device updates with BlackBerry UEM
- Using BlackBerry Intelligent Security
- Deactivating devices
- Related information
- BlackBerry Docs
- BlackBerry UEM 12.11
- Administration
- Windows 10 Planning and Deployment Guide
- Setting up UEM policies and profiles to manage Windows 10 devices
- Sending certificates to devices using profiles
- Using SCEP to send client certificates to devices
Using SCEP to send client certificates to devices
You can use SCEP profiles to specify how
Windows 10
devices obtain client certificates from your organization's CA through a SCEP service. SCEP is an IETF protocol that simplifies the process of enrolling client certificates to a large number of devices without any administrator input or approval required to issue each certificate. Devices can use SCEP to request and obtain client certificates from a SCEP-compliant CA that is used by your organization. The CA that you use must support challenge passwords. The CA uses challenge passwords to verify that the device is authorized to submit a certificate request.Depending on the device capabilities and activation type, devices can use the client certificates obtained using SCEP for certificate-based authentication from the browser or to connect to a work
Wi-Fi
network, work VPN, or work mail server.If your organization uses an
Entrust
CA or OpenTrust
CA, SCEP profiles are not supported for Windows 10
devices.