Support the SCEP payload
We noticed the MDM payload for SCEP is not supported. it would be a great addition. Especially interesting is Dynamic-Microsoft CA mode, so that the payload would be working with OTP on each request to PKI.
Henry / Zentral Pro Services commented
yes with a static challengePassword creating the SCEP profile in external works - but that is sub ideal / non workable for Dynamic-Microsoft CA use. Given that SCEP is a >15 yr old standard, use a dynamic challengePassword help shorten the timeframe and further prevent a profile could be reused.
I vote for this too.
There is a solution, though, although more effort:
The profile for SCEP can be created outside of SimpleMDM, exported as a .mobileconfig file and then uploaded to SimpleMDM as a custom configuration profile.
To create the .mobileconfig profile file, use a different MDM like Apple Profile Manager or a tool like ProfileCreator.
This feature would be a welcome addition. The missing SCEP/NDES/MS-CA connector piece ensures we continue look back at intune MDM for macOS.