In Microsoft Intune, you can add third-party certificate authorities (CA), and have these CAs issue and validate certificates using the Simple Certificate Enrollment Protocol (SCEP). SCEPman is a fully unattended Certificate Authority using Azure Key Vault for Microsoft Intune based device certificate deployment. SCEPman is an Azure WebApp providing the SCEP and Intune API, using Azure Key Vault based RootCA and certificate signing. No other component is be involved, neither a database nor any other stateful storage except the Key Vault. That said, the SCEPman will not need any backup procedures.
As part of our #GKMechanics series, Gerrit Reinke, Cloud Architect at Glueck & Kanja, introduces our SCEPman, the Certification Authority (CA) directly in the cloud. It gives you the opportunity to create cloud-based certificates completely detached from existing structures. SCEPman does not require any existing PKI environments, but these can - if it makes sense - be integrated. Technologically, SCEPman is completely based on on Microsoft Azure technologies.