Certificate Enrollment Gateway can authenticate to Microsoft Intune using one of the following authentication methods:

  • Password-based authentication: Certificate Enrollment Gateway authenticates to Microsoft Intune using an application key (also called a client secret) generated in Microsoft Intune.
  • Certificate-based authentication: Certificate Enrollment Gateway authenticates to Microsoft Intune using a trusted certificate. The certificate must be imported into Microsoft Intune.

This section describes how to generate a client secret for the application you registered earlier in Microsoft Intune. Certificate Enrollment Gateway can then use this secret to authenticate to Intune.

To generate a client secret

  1. Log in to the Microsoft Azure portal.
  2. Under Azure services, click Azure Active Directory.
  3. Click App Registrations.
  4. Select the application you created earlier for the CEG Service.
  5. Click Certificates & secrets.
  6. Click New client secret.
    The Add a client secret page appears.
  7. For Description, enter a description of the client secret.
  8. For Expires, select a lifetime for the client secret.
  9. Click Add.
    The client secret is displayed under the Client secrets pane.
  10. Record the client secret. For example:

    abcdefghijklmnopqrstuvwxyz123456

    The client secret is also known as the Application Key. You need this value later to configure Certificate Enrollment Gateway for Microsoft Intune.
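The lifetime chosen in step 8 sets an expiry date, and a client secret stops authenticating once that date passes. The following added example (not part of the original documentation or of Certificate Enrollment Gateway) flags secrets that are expired or close to expiry. It assumes the application's secret list has been exported as JSON in the Microsoft Graph `passwordCredential` shape (`displayName`, `keyId`, `endDateTime`) with UTC timestamps; the sample data and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data (not real credentials). Assumed shape: Microsoft Graph
# passwordCredential objects as listed for an app registration. The secret value
# itself is not needed for this check and should not be exported.
SAMPLE_CREDENTIALS = json.loads("""[
  {"displayName": "CEG secret 2023", "keyId": "00000000-0000-0000-0000-000000000001",
   "endDateTime": "2024-01-10T09:00:00Z"},
  {"displayName": "CEG secret 2024", "keyId": "00000000-0000-0000-0000-000000000002",
   "endDateTime": "2024-06-20T09:00:00Z"},
  {"displayName": "CEG secret 2025", "keyId": "00000000-0000-0000-0000-000000000003",
   "endDateTime": "2025-06-01T00:00:00.1234567Z"}
]""")


def parse_utc(value):
    """Parse an ISO 8601 timestamp, assumed UTC; fractional seconds are dropped."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_secrets(credentials, now, warn_days=30):
    """Return (status, days_left, displayName, keyId) tuples, soonest expiry first."""
    rows = []
    for cred in credentials:
        end = parse_utc(cred["endDateTime"])
        if end <= now:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        rows.append((end, status, (end - now).days, cred.get("displayName"), cred["keyId"]))
    return [row[1:] for row in sorted(rows, key=lambda r: r[0])]


def needing_attention(rows):
    """Secrets that are already expired or inside the warning window."""
    return [row for row in rows if row[0] != "OK"]


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for status, days, name, key_id in check_secrets(SAMPLE_CREDENTIALS, now):
        print(f"{status:9} {days:>5}d  {name}  keyId={key_id}")
```

Matching on `keyId` rather than on the description identifies which secret is the one configured in Certificate Enrollment Gateway without handling the secret value itself.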