Secure sensitive resources from unauthorized Windows devices

Intune excels at Windows device management—but it doesn't guarantee enrolled devices truly belong to your organization. Smallstep closes this gap by syncing directly with Intune, verifying device authenticity, and issuing credentials only to trusted hardware. More than just a CA, Smallstep ensures only verified Windows PCs access your critical resources.


Only issue credentials to verified Windows devices

Smallstep checks every certificate request against your Intune inventory, blocking unrecognized Windows devices from obtaining credentials. This prevents personal, compromised, or rogue machines from accessing sensitive systems using stolen or shared credentials.


Eliminate static secrets

Traditional Windows deployments have relied on vulnerable static SCEP passwords. Smallstep upgrades Windows enrollment security with ACME Device Attestation, issuing hardware-bound, non-exportable credentials. For legacy hardware, Dynamic SCEP enables a smooth migration to secure certificate-based Wi-Fi and VPN authentication.

Zero-touch device configuration

Smallstep automatically deploys secure configuration profiles and credentials for Wi-Fi, VPN, and SaaS apps to all verified Windows devices. Streamline enrollment, eliminate manual steps, and ensure robust, error-free security across your Windows fleet.


Hands-free certificate management

Say goodbye to manual certificate renewals and revocation hassles. Smallstep proactively monitors each certificate’s lifecycle, renewing credentials before they expire and revoking access if a device is off-boarded or compromised. This reduces admin workload, prevents human errors, and keeps your device inventory up to date.


Unified security beyond Windows

Smallstep goes beyond Windows, seamlessly extending centralized, high-assurance device identity to macOS, Linux, and cloud environments. Whether you're using Intune, Jamf, or another MDM, Smallstep provides unified control and security across your entire device fleet.


Learn more about the platform

The Smallstep platform helps mitigate numerous cybersecurity threats – from phishing to advanced hardware attacks – without impacting end-user workflows.


Leading the industry in Zero Trust for devices

Empower your teams to work at the pace and scale of modern engineering.
