I’ve deployed an NDES environment integrated with a hybrid Microsoft Intune and Configuration Manager configuration. In this environment, certificate deployment to Android and Windows Phone/Mobile is working fine, but for iOS devices it’s not working.
When we dive into this problem we see errors in the CRP.log.
With this error, “key usage in CSR 160 and challenge 224 do not match”, we know there is something wrong with the certificate template on the CA server.
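To see which key usage flags the two numbers in that message stand for, the following added example (not part of the original post or of any Microsoft tooling) decodes them and reports the difference. It assumes the values are the standard X.509 KeyUsage bit flags as numbered in CryptoAPI; the sample log lines are constructed around the message quoted above, and the function names are hypothetical.

```python
import re

# X.509 KeyUsage flags (first byte), numbered as in CryptoAPI's wincrypt.h.
# Assumption: CRP.log reports key usage using these values.
KEY_USAGE_BITS = {
    0x80: "digitalSignature",
    0x40: "nonRepudiation",
    0x20: "keyEncipherment",
    0x10: "dataEncipherment",
    0x08: "keyAgreement",
    0x04: "keyCertSign",
    0x02: "cRLSign",
    0x01: "encipherOnly",
}

MISMATCH_RE = re.compile(
    r"key usage in CSR (\d+) and challenge (\d+) do not match", re.IGNORECASE
)

def decode_key_usage(value):
    """Return the names of the key usage flags set in an integer bitmask."""
    return [name for bit, name in KEY_USAGE_BITS.items() if value & bit]

def explain_mismatch(line):
    """Parse one log line; return decoded flags, or None if it is not a mismatch."""
    m = MISMATCH_RE.search(line)
    if m is None:
        return None
    csr, challenge = int(m.group(1)), int(m.group(2))
    return {
        "csr": decode_key_usage(csr),
        "challenge": decode_key_usage(challenge),
        "only_in_csr": decode_key_usage(csr & ~challenge),
        "only_in_challenge": decode_key_usage(challenge & ~csr),
    }

# Constructed sample lines; only the quoted message text comes from the post.
SAMPLE_LOG = [
    "<constructed> Verifying certificate request",
    "<constructed> Key usage in CSR 160 and challenge 224 do not match",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        result = explain_mismatch(entry)
        if result:
            for field, flags in result.items():
                print(f"{field}: {', '.join(flags) or '(none)'}")
```

Under that assumption, 160 and 224 differ only in the nonRepudiation flag, so that is the setting to compare between the iOS request and the template's Key Usage extension.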
I’ve found the solution on the Coretech Blog: http://blog.coretech.dk/kea/troubleshooting-certificate-deployment-on-ios-devices-with-configmgr-intune/
After changing the Certificate property for the Key Usage Extension, the problem was solved. Below are the screenshots of the Certificate Template properties.