Microsoft Technical Takeoff: Utilize, configure, and management Cloud PKI like a pro

Bill Calero, product manager for Microsoft Cloud PKI, teams up with Jack Poehlman, principal product manager, for a deep-dive session from the Microsoft Technical Takeoff for Windows and Intune on how to configure and run Cloud PKI like you’ve done it a hundred times (even if yesterday was your first date). They level-set what Cloud PKI delivers today—cloud-based certificate authorities that issue client authentication certificates to Intune-enrolled devices across Windows, iOS, macOS, and Android, with full lifecycle management for issuance, renewal, and revocation—without standing up NDES. Bill walks through the anatomy of setting up a root CA and issuing CA, reporting and searching leaf certificates, and a newer capability for deleting a certificate authority when you truly mean it. He also covers SCEP profile gotchas that matter in Cloud PKI, like stricter Subject Alternative Name validation (including URI formatting per RFC 3986) and the fact that “Any Purpose” EKUs aren’t allowed because…well…they’re a security gremlin in a trench coat. The session closes with practical notes on platform limits (like CA count) and experience improvements in the Intune console, including the lift of the 1,000-certificate display limit via an updated, scrollable leaf certificate view—and a teaser that post-quantum cryptography support is on the horizon.

We produced this pre-recorded streamed session with the kind of calm, controlled momentum that makes complex technical content feel surprisingly human. We built the run-of-show so the narrative stays clear, designed the graphics package to keep viewers oriented, and worked with the speakers to land the “watch this, now this” moments without losing the thread. Then we captured everything through our remote studio workflow, shaped it in post for pacing and clarity, and delivered a reliable multi-channel stream—so the experts can focus on being experts, not part-time broadcast engineers.