The following tasks must be completed before proceeding with the steps outlined in this documentation.

  • A certificate authority server must be set up and configured. If you want guidance as to the methodology of setting up a certificate authority, refer to Setting Up a Microsoft Certificate Authority for Use with Workspace ONE UEM. The certificate authority must be an enterprise certificate authority as opposed to a standalone certificate authority (standalone does not allow for the configuration and customization of templates).


    Important: Certificate Authorities can be set up on servers running a variety of operating systems, including Windows®2000 Server, Windows Server® 2003, and Windows Server 2008. However, not all operating systems support all features or design requirements, and creating an optimal design requires careful planning and lab testing before you deploy a client access server (e.g., ADCS) in a production environment.

  • Microsoft Exchange with ActiveSync enabled.
  • Internet Information Services (IIS) on the Exchange ActiveSync server must have the option Client Certificate Mapping Authentication installed.