Certificate

Certificate policy lets you deploy server CA certificates to secure and configure features such as Wi-Fi, E-mail, etc., on the managed devices. This policy is used to deploy certificates to mobile devices, ideally to secure and validate network communications from the device to any internal/external website. By pushing certificates to device, you can secure access to networks/servers, secure e-mail communication, etc., For example, you can deploy CA certificates to the managed devices, if your organization uses S/MIME to connect to a network/server. The certificates pushed to the device ensures the devices trust the enterprise CA. The supported certificate formats are .cer, .crt, .pem, and .der. Certificate profile can also be applied on Surface Hubs running Windows 10 Team OS.

The managed device must have a passcode set up for certificate to be installed on the device.

For scalable and simplified distribution of certificates in large organizations, you can configure Simple Certificate Enrollment Protocol (SCEP)

Profile Description

Profile Specification	Description
Certificate File	The file to be pushed to the managed devices.

The certificates are added only if the certificate files are not corrupt.
On certificate expiry, upload the renewed certificate as a new certificate in the profile and then push it to the managed devices.