This guide walks you through all the steps needed to set up a recommended Community (SCEPman CE) production environment.
If you want to deploy:
a trial environment, please follow the Trial Guide
an enterprise (SCEPman EE) environment, please follow the Enterprise Guide
Let's start with the requirements and a resource overview. Keep in mind that you need to plan a useful Azure resource design.
Azure resource naming convention
Azure subscription
Azure contributor rights (at least on Resource Group level)
Azure AD "Global administrator" (Consent to access Graph API)
Public Domain CNAME (scepman.yourdomain.com)
SSL (Wildcard-)Certificate (or use App Service Managed Certificate)
All these resources are deployed for a trial environment.
| Type | Description |
| --- | --- |
| App Service | Runs the SCEPman application and provides a UI to configure application-specific settings such as CNAME, SSL certificate and App Settings. |
| App Service Plan | A virtual set of compute resources and configurations for the "App Service". Here you can configure the pricing tier and resource scaling. |
| Key Vault | Tool to securely store secrets and certificates. The SCEPman application will generate and save the root certificate in your Key Vault. |
| Application Insights | Application Performance Management (APM) tool to get insights into the SCEPman application and requests. Needed to measure performance and useful for service optimization. |
| Storage account | Storage platform to upload the SCEPman artifacts and save log files. The "App Service" will load the artifacts from a public blob store URI and save all the application and web server logs in a blob container. |
| Log Analytics workspace | A centralized, cloud-based log store. The "App Service" will save all platform logs and metrics into this workspace. |
Before we can start the resource deployment, we need to create an "Azure App Registration".
To start the deployment, follow our Setup instructions:
After the deployment has completed, you need to create the root certificate:
To make your SCEPman available under your specific domain, you need to create a Custom Domain in the App Service.
The next step is to configure the Storage account and change the Artifact location in your App Service.
We recommend the production channel.
To retain your log data, you can configure two different kinds of logging in your App Service. The first is the App Service Logs, which save all application and IIS server-based log data. The second is the Diagnostic settings, which contain platform logs and metrics data.
Use the storage account we created in Step 4 and create two new blob containers. These blob containers can be selected in the App Service Logs instructions. In the Diagnostic settings you can choose the storage account directly, and the blob containers will be created automatically.
Application Insights can be used to get an overview of the App Service performance and deeper insights into SCEPman's request processing. We recommend always configuring Application Insights to monitor, maintain and optimize the App Service.
We can configure a Health check for the App Service to get direct notifications if SCEPman stops working.
With the completion of the first steps, we have a working SCEPman implementation and can now deploy certificates to our devices.
In Endpoint Manager (Intune) you can create Configuration profiles for various platforms. Choose your OS platform from the links below:
After the Intune profiles are configured, the certificates are deployed to your devices and you can start using them. Now enjoy SCEPman, and if you have any questions, please contact us. Further details can be found at https://scepman.com