Hey everyone!
I'm in the process of rolling out a passwordless solution at my company, combining Windows Hello for Business and Passkeys with Conditional Access Policies. We're currently operating in a hybrid environment but aiming for a full Azure/Entra join soon, and things have been going really well so far, with user feedback being quite positive.
However, I'm facing a challenge with our wireless authentication, as our current WPA-Enterprise setup still requires users to know their passwords. As a temporary solution, we created a dedicated AD user for WiFi access, but I'd like to move away from this. I've been considering certificate-based authentication and my manager suggested setting up an in-house Active Directory Certificate Services (ADCS). I'm worried about the complexities and security risks associated with managing a PKI myself, especially since we're aiming for full cloud integration.
I've looked into Cloud PKI options like Intune PKI and SCEPman, and I prefer SCEPman for its cost-effectiveness and integration capabilities. I need to convince my manager that Cloud PKI is the way to go and why ADCS might not be the best choice. I'm also open to hearing counterarguments on why someone might favor ADCS over Cloud PKI. Any thoughts or advice would be greatly appreciated!
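Since the thread centres on moving Wi-Fi from password-based EAP to certificates, here is an added PowerShell readiness check (example code, not from the poster, SCEPman or Microsoft) that reports whether a Windows client holds a usable EAP-TLS client certificate and whether its WLAN profile is set to EAP-TLS rather than PEAP; the issuing CA name and the profile name are placeholders you must change.

```powershell
# Added example, not code from the thread, SCEPman or Microsoft: checks whether a Windows
# client is ready for certificate-based (EAP-TLS) Wi-Fi before the RADIUS/WLAN cutover.
# Placeholders you must adjust: the issuing CA name and the WLAN profile name.
param(
    [string]$IssuerMatch = 'CN=Example Issuing CA',  # placeholder: subject of your issuing CA
    [string]$ProfileName = 'Corp-WiFi',              # placeholder: your WLAN profile name
    [int]$MinDaysValid   = 30                        # ignore certs expiring sooner than this
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU; RADIUS servers expect it

# Look in both stores: device certs (machine auth, works before logon) and user certs.
$candidates = foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
    Get-ChildItem $store | Where-Object {
        $_.HasPrivateKey -and                                   # no key, no TLS client auth
        $_.Issuer -like "*$IssuerMatch*" -and
        $_.NotAfter -gt (Get-Date).AddDays($MinDaysValid) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
    } | ForEach-Object {
        # Test-Certificate builds and validates the chain (incl. revocation); a failure here
        # usually means the CA root/intermediate was never deployed to the device.
        $chainOk = Test-Certificate -Cert $_ -EKU $clientAuthOid -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Store      = $store
            Subject    = $_.Subject
            NotAfter   = $_.NotAfter
            Thumbprint = $_.Thumbprint
            ChainValid = [bool]$chainOk
        }
    }
}

# Inspect the WLAN profile: "Smart Card or other certificate" is Windows' name for EAP-TLS;
# "Protected EAP (PEAP)" means the password-based setup the thread wants to retire.
$profile  = netsh wlan show profile name="$ProfileName" 2>$null
$eapLine  = ($profile | Select-String 'EAP type').Line
$isEapTls = $eapLine -match 'Smart Card or other certificate'
$usable   = @($candidates | Where-Object ChainValid)

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    UsableCerts    = $usable.Count
    ChainFailures  = @($candidates | Where-Object { -not $_.ChainValid }).Count
    ProfileEapType = if ($eapLine) { $eapLine.Trim() } else { 'profile not found' }
    ReadyForEapTls = ($isEapTls -and $usable.Count -gt 0)
}
$candidates | Format-Table Store, Subject, NotAfter, ChainValid -AutoSize
```

Run it per device (for example via Intune or a login script) and collect the objects centrally; a device with ChainFailures but no UsableCerts almost always needs the CA chain pushed, not a new certificate.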
2 Answers
SCEPman is definitely a solid option. Just out of curiosity, are you using RDP connections? If so, you might want to look into something like Azure Virtual Desktop for your use case. That way you don't have to rely on complex password setups.
I just went through a similar process and ended up purchasing SCEPman. It was really straightforward to set up, and their documentation made it a breeze. I recommend trying their trial to see how it works for you.
Yeah, I do RDP into my servers, but I keep a strong, complex password for my admin account in my password manager. It sounds like if you're strictly using it for end users, RDP isn't necessary anyway.