A Credentials profile allows you to push Root, Intermediate, and Client certificates to support any Public Key Infrastructure (PKI) and certificate authentication use case. The profile pushes configured credentials to the proper credentials store on the Windows Phone device.

Even with strong passcodes and other restrictions, your infrastructure remains vulnerable to brute force, dictionary attacks, and employee error. For greater security, you can implement digital certificates to protect corporate assets. To use certificates in this way, you must first configure a Credentials payload with a certificate authority, and then configure your Wi-Fi and VPN payloads. Each payload has settings for associating the certificate authority defined in the Credentials payload. ]

The Credentials profile also allows you to push S/MIME certificates to devices. These certificates are uploaded under each user account and controlled by the Credentials profile. For more information, see Certificate Management Overview.

Windows Phone 8.0 or 8.1 devices using the Credentials payload to push Personal Certificates need the AirWatch Agent downloaded. End users are required to install any certificates as mentioned in Install a Personal Certificate on a Windows Phone 8 Device. The Root and Intermediate certificates install silently onto the device without the AirWatch Agent or the end-user interaction.

Looking to use certificate-based EAP authentication for VPN and Wi-Fi profiles? See the Knowledge Base article: https://support.air-watch.com/articles/115001664448