Public Key Infrastructure (PKI) in Microsoft Intune


Public Key Infrastructure (PKI) is a complex, time-consuming technology that requires deep expertise. For many years, customers have been asking for a cloud-based PKI offering. In response to this demand, Microsoft is launching Microsoft Cloud PKI as a new addition to the Microsoft Intune Suite.

Microsoft Cloud PKI

Launching in February 2024, Microsoft Cloud PKI aims to simplify certificate management by moving it to the cloud. This service eliminates the need to deploy, configure, and manage on-premises servers or procure hardware. With Cloud PKI, organizations can set up PKI infrastructure in minutes instead of weeks.

Key Features

  • Certificate Management: Cloud PKI allows you to create multiple certification authorities and manage the lifecycle of certificates issued to Intune-managed devices.
  • Cross-Platform Support: At launch, Cloud PKI will be able to issue certificates across platforms, specifically Windows, iOS, macOS, and Android.
  • Lifecycle Management: Cloud PKI manages the full lifecycle of issued certificates for managed devices. It can perform automatic renewals when expirations near and expire certificates no longer in use.
  • Revocation: You’ll also be able to revoke certificates when devices are wiped, deleted, or removed from Intune. When appropriate, Cloud PKI will also provide an Intune certificate administrator with the ability to manually revoke a certificate, if needed based on security concerns or alerts from other security frameworks.
  • Authentication: Issued certificates from Cloud PKI can be used for certificate-based authentication (CBA) use cases, such as accessing Wi-Fi networks, VPNs, Windows Hello for Business, and even Microsoft 365 apps.


  • Simplicity: Cloud PKI provides a single pane of glass from the cloud for certification authorities, registration authorities, revocation distribution lists, monitoring, and reporting.
  • Cost Efficiency: With Cloud PKI, you can manage your certificates where you manage your endpoints, all while saving time and money by bringing your PKI infrastructure to the cloud.
  • Security: CBA provides a much more secure authentication method over passwords, improving an organization’s overall security posture.


In February 2024, Microsoft Cloud PKI will be available as part of the Microsoft Intune Suite. For added flexibility, this new solution will also be available as an individual add-on to Microsoft subscriptions that include Intune starting on March 1, 2024 for both enterprise and government customers.


Microsoft Cloud PKI is a significant step towards simplifying and automating certificate management. By eliminating the complexities and costs of traditional on-premises services, it allows organizations to focus on their core business while ensuring secure access to their resources.

About the author