Secure Every Device with Automated MDM-Driven Certificate Management
Integrate Foxpass Cloud PKI or Microsoft Cloud PKI with leading MDMs (Intune, Jamf, Kandji, Addigy, and more) to issue and manage X.509 certificates across all enrolled devices, powering seamless, passwordless access through Foxpass Cloud RADIUS.
Why MDM + Foxpass Cloud PKI
Unified Device Identity and Access
Your MDM manages device posture; Foxpass manages trust. Together, they deliver end-to-end certificate lifecycle automation for network authentication, from enrollment to renewal and revocation.
Highlights:
Automate certificate enrollment through SCEP
Eliminate password-based Wi-Fi or VPN access
Enforce Zero Trust with device- and user-based authentication
Integrate with Foxpass Cloud RADIUS to authorize access based on verified device identity
How It Works
Managed Devices (via MDM Integration)
When a device is enrolled through your MDM (Intune, Jamf, Kandji, Addigy, or others), the MDM requests a certificate from your configured CA (Foxpass Cloud PKI, Microsoft Cloud PKI, or bring your own CA). The issued X.509 certificate securely identifies the device to Foxpass Cloud RADIUS at connection time.
Unmanaged/BYOD Devices (via Foxpass BYOD Installer)
For BYOD environments, the Foxpass BYOD Certificate Installer handles certificate enrollment and installation without MDM dependency, ensuring both managed and personal devices are covered under one unified authentication system.
Certificate Lifecycle Management
Foxpass Cloud PKI works together with your MDM to manage the full certificate lifecycle.
Issuance: Through MDM integration (SCEP) or user self-enrollment (BYOD Installer)
Renewal: Handled automatically by the MDM before expiration, or through email notification for BYOD certificates
Revocation: A certificate is rejected when a device or user leaves the organization, or it can be manually revoked in the Foxpass console
End-to-End Certificate Lifecycle with Foxpass Cloud RADIUS and MDM Integration
Certificate-Based Authentication in Action
Foxpass Cloud RADIUS uses the certificate presented by a device to verify:
Issuer validity (Foxpass CA, Microsoft CA, or bring your own CA)
Certificate expiration and revocation status
Mapping between device/user identity and network access policy
This enables secure, passwordless authentication for:
Wi-Fi (EAP-TLS)
VPNs
Wired LAN access
User- vs Device-Based Certificates
User Certificates
Issued to individuals and tied to identity provider accounts (e.g. Entra ID, Google Workspace).
Used for user-based authentication on laptops, tablets, or mobile devices
Common for organizations using Conditional Access policies in Intune or similar
Device Certificates
Issued to managed endpoints through MDM enrollment.
Tied to the unique device identity rather than the user
Common for shared devices, IoT endpoints, printers, or kiosk systems
Together, user and device certificates give full coverage for all access scenarios, aligning with Zero Trust network principles.
Benefits at a Glance
Seamless integration with leading MDMs (Intune, Jamf, Kandji, Addigy, Mosyle, Workspace ONE)
Automated SCEP-based certificate enrollment and renewal
Unified trust model across managed and BYOD devices
Passwordless EAP-TLS authentication for Wi-Fi and VPN
Works with Foxpass Cloud PKI, Microsoft Cloud PKI, or bring your own CA
Simplifies compliance and auditing with complete certificate traceability
Licensing and Compatibility
MDM-driven certificate management is included with Foxpass Advanced User Licensing, supporting integration with MDM-managed environments and BYOD certificate enrollment.
Use with:
Foxpass Cloud PKI, Microsoft Cloud PKI, or bring your own CA
Foxpass Cloud RADIUS for certificate-based access enforcement
