Secure sensitive resources from unauthorized Windows devices

Intune excels at Windows device management—but it doesn't guarantee enrolled devices truly belong to your organization. Smallstep closes this gap by syncing directly with Intune, verifying device authenticity, and issuing credentials only to trusted hardware. More than just a CA, Smallstep ensures only verified Windows PCs access your critical resources.

Only issue credentials to verified Windows devices

Smallstep checks every certificate request against your Intune inventory, blocking unrecognized Windows devices from obtaining credentials. This prevents personal, compromised, or rogue machines from accessing sensitive systems using stolen or shared credentials.

Eliminate static secrets

Traditional Windows deployments have relied on vulnerable static SCEP passwords. Smallstep upgrades Windows enrollment security with ACME Device Attestation, issuing hardware-bound, non-exportable credentials. For legacy hardware, Dynamic SCEP enables a smooth migration to secure certificate-based Wi-Fi and VPN authentication.

Zero-touch device configuration

Smallstep automatically deploys secure configuration profiles and credentials for Wi-Fi, VPN, and SaaS apps to all verified Windows devices. Streamline enrollment, eliminate manual steps, and ensure robust, error-free security across your Windows fleet.

Hands-free certificate management

Say goodbye to manual certificate renewals and revocation hassles. Smallstep proactively monitors each certificate’s lifecycle, renewing credentials before they expire and revoking access if a device is off-boarded or compromised. This reduces admin workload, prevents human errors, and keeps your device inventory up to date.

Unified security beyond Windows

Smallstep goes beyond Windows, seamlessly extending centralized, high-assurance device identity to macOS, Linux, and cloud environments. Whether you're using Intune, Jamf, or another MDM, Smallstep provides unified control and security across your entire device fleet.

Learn more about the platform

The Smallstep platform helps mitigate numerous cybersecurity threats – from phishing to advanced hardware attacks – without impacting end-user workflows.

Leading the industry in Zero Trust for devices

Empower your teams to work at the pace and scale of modern engineering.
