Microsoft Network Device Enrollment Service


www.thales-esecurity.com

Thales e-security

Microsoft Network Device Enrollment Service Integration Guide

Version: 1.0
Date: 12 February 2016

Copyright 2016 Thales UK Limited. All rights reserved.

Copyright in this document is the property of Thales UK Limited. It is not to be reproduced, modified, adapted, published, translated in any material form (including storage in any medium by electronic means whether or not transiently or incidentally) in whole or in part nor disclosed to any third party without the prior written permission of Thales UK Limited neither shall it be used otherwise than for the purpose for which it is supplied.

Words and logos marked with ® or ™ are trademarks of Thales UK Limited or its affiliates in the EU and other countries.

Information in this document is subject to change without notice. Thales UK Limited makes no warranty of any kind with regard to this information, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Thales UK Limited shall not be liable for errors contained herein or for incidental or consequential damages concerned with the furnishing, performance or use of this material.

Contents

Chapter 1: Introduction
Chapter 2: Requirements
Chapter 3: Prerequisites
Chapter 4: Procedures
    Install the HSM
    Setting up roles for operating, managing and maintaining NDES
    Installing nShield support software and enrolling NDES server with nShield Connect
    Installing and configuring NDES
    Configuring the NDES admin page to use a SSL certificate
Internet addresses

Chapter 1: Introduction

The Thales nShield Connect and nShield Solo Hardware Security Modules (HSM) can be integrated with Microsoft Windows Server 2012 R2 Network Device Enrollment Service (NDES) to issue certificates to network devices. The benefits of using an HSM with NDES include:

- Secure storage of the private keys used by NDES
- FIPS 140-2 level 3 validated hardware
- Full lifecycle management of the keys
- Failover support where multiple HSMs are available.

This document explains how to set up and configure NDES with an HSM. The instructions in this document have been thoroughly tested and provide a straightforward integration process. There may be other untested ways to achieve interoperability. This document may not cover every step in the process of setting up all the software.

This document assumes that you have read your HSM documentation and that you are familiar with the documentation and setup process for NDES. This document will guide you through the installation and configuration of NDES and other required roles to complete the integration process. For more information about NDES, refer to the Microsoft documentation.

The following integrations have been validated:

| Operating System | Thales Security World Software version | nShield Solo Support | nShield Connect Support | nShield Edge support |
|---|---|---|---|---|
| Windows Server 2012 R2 | v12.00 | Yes | Yes | - |

For more information about Operating System (OS) support, contact Thales Support. For more information about contacting Thales, see Internet Addresses at the end of this guide.

Additional documentation produced to support your Thales product can be found in the document directory of the CD-ROM or DVD-ROM for that product.

Note: Throughout this guide, the term HSM refers to the Thales HSM.

This guide assumes that you are familiar with the Thales HSM documentation, and with the documentation and setup process for Microsoft DNSSEC. For more information about installing the Microsoft DNSSEC, refer to the Microsoft documentation.

Chapter 2: Requirements

Before attempting to install the software, we recommend that you familiarize yourself with the NDES documentation and setup process and that you have the Thales documentation available. We also recommend that there be an agreed organizational Certificate Policy (CP) and Certificate Practice Statement (CPS) in place covering administration of both the Public Key Infrastructure (PKI) and any HSMs. In particular, these documents should specify the following aspects of PKI and HSM administration:

- An already configured Root Certification Authority (CA) and its associated Security World.
- An already configured issuing CA (a subordinate CA) and its associated Security World. For further details regarding setting up Microsoft Active Directory Certificate Services (AD CS), refer to the Thales e-security Integration Guide for AD CS and OCSP. This guide will provide configuration steps to install and configure an AD CS.
- The number and quorum of Administrator Cards in the Administrator Card Set (ACS), and the policy for managing these cards.
- Whether the application keys are protected by the HSM or an Operator Card Set (OCS).
- The number and quorum of Operator Cards in the OCS, and the policy for managing these cards.
- Whether the Security World should be compliant with FIPS 140-2 level 3.
- Key attributes such as the key size and time-out.

Note: NDES currently only supports CAPI.

For more information about Security World and its features, refer to the User Guide for the HSM.

Chapter 3: Prerequisites

Before installing and configuring NDES, it is assumed that the following are installed and configured:

- A virtual directory on a web server to act as a PKI repository. The PKI repository is required to publish CA certificates (Root CA and issuing CA certificates) and Certificate Revocation Lists (CRL). Based on your organizational requirements for high-availability of the PKI repository, you may want to configure multiple web servers to act as the PKI repository.
- A Root CA and its associated Security World is installed and configured. The Root CA issues a certificate to the issuing CA (i.e. subordinate CA).
- On the issuing CA server, an issuing CA and its associated Security World is configured. An issuing CA issues certificates to NDES and the devices being enrolled through NDES.

Chapter 4: Procedures

This document will guide you through the following procedures involved in configuring NDES with nShield Connect HSM:

- Install the HSM
- Install and configure NDES
- Configuring the NDES Admin web page to use an SSL certificate.

Install the HSM

Install the HSM using the instructions in the Installation Guide for the nShield Connect. We recommend that you install the HSM before configuring the nCipher software and before installing and configuring NDES.

Setting up roles for operating, managing and maintaining NDES

This guide assumes that NDES is to be installed on its own server (i.e. a server machine dedicated to installing and configuring NDES).

To set up roles for operating, managing and maintaining NDES:

1. Log on to a Domain Controller as Domain Administrator.
2. From the Start menu, select Active Directory Users and Computers.
3. In the console tree, expand <your domain>.com, right-click Users and select New > User.
4. Enter the name SCEPAdmin and click Next.
5. Enter the password for the SCEPAdmin, click Next and click Finish.
6. Repeat the steps above to create new users for SCEPSvc and SCEPDeviceAdmin.

The following configurations on the issuing CA and the NDES server must be performed by Domain Administrators.

SCEPAdmin

1. For the SCEPAdmin account:
   a. Add this account to the Enterprise Administrators and Domain Admins groups.
   b. On the issuing CA to be used for NDES, open the Certificate Templates Console:
      i. Select Certification Authority from the Tools menu in the Server Manager.
      ii. Expand the issuing CA node in the left pane, right-click Certificate Templates and select Manage.
      iii. Give this account the Enroll permission on the Exchange Enrollment Agent (Offline request) and CEP Encryption certificate templates. This can be done by right-clicking these templates in the right-hand pane of the Certificate Templates Console, choosing Properties, clicking the Security tab and then allowing Enroll permissions for this account.
   c. On the issuing CA, in the Certification Authority right-click the issuing CA node and choose Properties.
   d. Click the Security tab and Add this account.

   e. Once the account is added, provide it with the Manage CA and Issue and Manage Certificates permissions.

SCEPSvc

1. For the SCEPSvc account:
   a. On the server to be used for NDES, add this account to the local IIS_IUSRS group.
   b. On the issuing CA, in the Certification Authority right-click the issuing CA node and choose Properties.
   c. Click the Security tab and Add this account.
   d. Once the account is added, provide it with the Request Certificates permissions.
   e. On the issuing CA, open the Certificate Templates Console, provide this account with the Enroll permission on the IPSec (Offline request) certificate template (it should already have the Read permission.)
   f. On the issuing CA, the Service Principal Name (SPN) also needs setting for this account in Active Directory. The following command should be run (assuming you are logged in as a Domain Administrator):

          setspn -s HTTP/<NDES Computer FQDN> <Domain Name>\SCEPSvc

SCEPDeviceAdmin

1. For the SCEPDeviceAdmin account:
   a. On the issuing CA, give this account the Enroll permission to the IPSEC (Offline request) certificate template.

Installing nShield support software and enrolling NDES server with nShield Connect

To create a new alias:

1. Login as an administrator on NDES server and install Thales Security World Software for nShield.
2. On the NDES Server, run the following commands to enroll the server with the nShield Connect HSM (you should navigate to %NFAST_HOME%\bin directory or set this in the PATH):

       anonkneti <IP address of the nShield Connect HSM>
       nethsmenroll --force --verify-nethsm-details <IP address of the Connect HSM>

3. Using nShield Connect HSM front panel, add the NDES server as a client of the HSM using the System > System configuration > Client config option.
   a. Choose New client and enter the NDES Server IP address.
   b. Choose the unprivileged option, do not enrol with nToken and use TCP port 9004.

4. Back on the NDES Server, run the following commands to set up the NDES Server as a cooperating client of the RFS and to transfer the Security World files including application key tokens from the RFS to the local Key Management Data directory:

       rfs-setup --gang-client --write-noauth <NDES Server IP address>
       rfs-sync --setup --no-authenticate <RFS IP address>
       rfs-sync --update

5. Use the nCipher CSP Install Wizard to install the nCipher Cryptographic Services Provider (CSP)/Key Service Providers (KSP), select Use the existing security world and ensure that Module protection is selected for key protection. Also ensure that you have checked Select to set the nCipher CSP as the default SChannel CSP in the wizard.

Note: NDES does NOT support CNG/KSPs for creation of the two certificates that it uses for providing the service (Exchange Enrollment Agent/CEP Encryption). Also, the certificates issued by NDES to devices are restricted to RSA 1024/2048 and SHA-1 for hashing/signing.

Installing and configuring NDES

To install and configure NDES:

1. On the NDES Server, login as SCEPAdmin and go to Server Manager, choose Manage and then Add Roles & Features.
2. On the Before You Begin page, click Next.
3. On the Installation type page, ensure Role-based or feature-based installation is selected, then click Next.
4. On the Select Destination Server screen, choose the local server and click Next.
5. On the Select server roles screen, choose Active Directory Certificate Services. The Add Roles and Features Wizard will appear. Click Add Features and then click Next.
6. On the Select features screen, do not select any additional features and click Next.
7. On the Active Directory Certificate Services screen, click Next.
8. On the Select role services screen, uncheck Certification Authority and check the box for Network Device Enrollment Service.
9. If Web Server Role (IIS) is not already installed on the server, a number of additional required features will be displayed. Click the Add Features button and then click Next.
10. On the Web Server Role (IIS) screen, review the information and then click Next.
11. On the Select role services screen, do not check or uncheck any of the selected services. Click Next.
12. On the Confirmation page, review the list of services and features to be installed and then click Install. Wait until the installation completes.
13. Once installation has completed, click on the Configure Active Directory Certificate Services on the destination server link in the middle of the Installation progress screen.
14. If not already logged in as SCEPAdmin, on the Credentials screen for NDES configuration, click the Change button and choose the SCEPAdmin account created earlier, click OK and then click Next.
15. On the Role Services screen, check the box for Network Device Enrollment Service and then click Next.

16. On the Service Account for NDES screen, ensure that Specify service account is selected, then click the Select button.
17. Enter the requested credentials for the SCEPSvc account previously created, then click OK and then Next.
18. On the CA for NDES screen, select the CA name radio button, click the Select button and in the resulting dialog box, choose the issuing CA. Click OK and then click Next.
19. On the RA Information screen, note the specified Registration Authority name and complete any of the optional information as required. Then, click Next.
20. On the Cryptography for NDES screen, the choices for Signature Key Provider and Encryption Key Provider are made. You can use the issuing CA Security World to store the NDES RA Certificates private keys. The nCipher Enhanced Cryptographic Provider is recommended.
21. Choose the required CSP(s) and key sizes (2048 is recommended), then click Next. Only CryptoAPI (RSA/SHA-1 type) algorithms are supported. CNG/KSPs are NOT supported.
22. At the Confirmation screen, review the chosen options, then click Configure. If using the Security World to protect the NDES RA private keys on the issuing CA, and OCS was selected for key protection, then you will be asked to enter a quorum of OCS cards and their associated passphrases while generating RA private keys. Look for a cog icon which may be flashing on the Taskbar on the issuing CA.
23. Once the configuration has completed, click Close in the Results window on NDES server.
24. Any failure of the configuration to complete should be investigated. Use the installation logs and event logs for more information.
25. Test access to the NDES Admin web site on a client machine (or different server to the NDES Server) using the following address:

        http://<ip Address of NDES server>/certsrv/mscep_admin

Note: Thales does not recommend using a plain HTTP address to access the NDES admin website. The above HTTP address is used to ensure that the NDES configurations applied are valid. The process to configure the NDES admin website to use an SSL certificate is described below.

The address http://<ip Address of NDES server>/certsrv/mscep which is used by devices for certificate request/retrieval should also be verified. You may want to configure your HTTP address to be redirected to HTTPS for the devices requesting to be enrolled. Refer to Microsoft documentation to perform this configuration, if required.

Configuring the NDES admin page to use a SSL certificate

This section assumes that Thales Security World Software for nShield is already installed on the NDES server and that the NDES server has been enrolled with the nShield Connect HSM and vice versa. In addition, it assumes that the relevant CSPs and KSPs have been installed using the nCipher wizards and that Security World and the nShield Connect HSM are available to the NDES Server.

Module key protection will be used for all NDES private keys. This is because IIS cannot use an OCS greater than a 1/N cardset and cannot use an OCS with passphrases assigned.

1. Having completed the NDES role installation and having tested that the NDES web service is available through a client browser, create a request.inf file using Notepad on the NDES Server containing the following data:

       [Version]
       Signature= "$Windows NT$"

       [NewRequest]
       Subject = "CN=<FQDN of NDES Server>"
       HashAlgorithm = SHA256
       KeyAlgorithm = RSA
       KeyLength = 2048
       ProviderName = "nCipher Security World Key Storage Provider"
       ; 0xf0 = digitalSignature | nonRepudiation | keyEncipherment | dataEncipherment
       KeyUsage = 0xf0
       MachineKeySet = True

       [EnhancedKeyUsageExtension]
       ; 1.3.6.1.5.5.7.3.1 = Server Authentication
       OID=1.3.6.1.5.5.7.3.1

2. Save the file in a convenient location so it can be accessed by the issuing CA.

Note: If the entries are not in the correct order or are misspelt, errors will occur when parsing it.

Note: You must change the information in the Subject field to appropriately reflect the Fully Qualified Domain Name (FQDN) of the NDES Server, for example: ndes.testlab.com.

It is necessary to create a template for the NDES Admin web service certificate request to ensure that the nCipher KSP is used to generate the key pair.

1. Open a command prompt and run the following command (this will create a Certificate request file which will be submitted to the CA):

       certreq.exe -new request.inf <nameofrequest>.req

2. Copy the resulting <nameofrequest>.req file to the issuing CA.
3. On the issuing CA, it is necessary to set up the issuing CA so that it can issue certificates based on the Web Server certificate template.
4. Open the Certification Authority tool and expand the issuing CA node in the left hand pane.
5. Right-click on Certificate Templates, click New, and then click Certificate Template to Issue.
6. Choose the Web Server template from the dialog box and click OK.
7. On the issuing CA, run the following command:

       certreq -submit -attrib CertificateTemplate:WebServer <request.req>

   This command submits the previously created Certificate request file, requesting that the Certificate be generated using the existing WebServer certificate template. The WebServer template contains all the necessary settings that will generate a certificate that can be used for securing SSL/TLS traffic.

8. A Certification Authority List dialog box will open. Select the issuing CA and click OK. Look for a cog icon which may be flashing on the Taskbar - this may occur when an issuing CA is configured to use an OCS and requires an OCS pin to be entered.
9. Provide a file name for the certificate generated as requested and then copy the generated certificate back to the NDES Server.
10. On the NDES Server, run the following command:

        certreq.exe -accept <nameofcert>.cer

    This command installs the certificate into the local machine store, matching it with the private key previously created using the nCipher CSP, completing the Certificate request.
11. Open certlm.msc:
    1. Right click on Windows Start menu, select Run.
    2. Type certlm.msc and press return.
12. Select the Personal store in the left pane and then double click Certificates folder in the right pane.
13. Check that a certificate issued to the FQDN of the NDES Admin web site is available. The certificate will not have a Friendly Name. If you wish to add one, this can be done by right-clicking the certificate, selecting Properties and adding a name in the Friendly name box. Click OK to complete. Friendly Name does not form part of the cryptographically signed part of the certificate and so can be amended post issuance without affecting the certificate's integrity.
14. On the NDES server, in the IIS Manager, right-click Default Web Site in the left pane and choose Edit Bindings.
15. Click Add. In the Add Site Binding dialog box choose HTTPS for the Type. Under SSL Certificate choose the certificate previously created, click OK and then Close.
16. For operational reasons, it is recommended to increase the maximum number of allowed unique passwords generated by the NDES service to 30 before the service needs to be restarted.
    1. Open regedit:
       1. Right click on Windows Start menu, select Run.
       2. Type regedit and press return.
    2. Navigate to HKLM\Software\Microsoft\Cryptography\MSCEP.
    3. In the MSCEP folder, create a new key called PasswordMax.
    4. Within the new key, create a new DWORD (32-bit) value of PasswordMax.
    5. Set the value of the PasswordMax DWORD to be 30.
17. Stop and restart the IIS Web Service through any applicable method (e.g. services.msc or through the IIS Manager).
18. Test access to the NDES Admin web site on a client machine (or different server to the NDES Server) using the following address: https://<web site address>/certsrv/mscep_admin.

When accessing https://<web site address>/certsrv/mscep_admin, you will be presented with a SSL certificate which the browser will ask you to verify. Make sure that you verify the presented SSL certificate before accepting to trust it and proceeding with the NDES Admin web site.
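The checks in steps 13 to 18 can be scripted so that the result of the SSL configuration is verified the same way each time. The PowerShell below is an added example, not part of the Thales guide; it assumes the Subject CN from request.inf is supplied as `-NdesFqdn`, that NDES is hosted in Default Web Site, that HTTPS listens on port 443, and that certutil output is in English.

```powershell
# Added example, not part of the Thales guide. Run elevated on the NDES server.
# Assumptions: -NdesFqdn is the Subject CN used in request.inf, NDES is hosted in
# 'Default Web Site', HTTPS listens on 443, and certutil output is in English.
param([string]$NdesFqdn = 'ndes.testlab.com')   # the guide's sample FQDN; replace with yours

Import-Module WebAdministration
$results = New-Object System.Collections.Generic.List[object]
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# Step 13: a certificate issued to the FQDN exists in the local machine Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $NdesFqdn } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    Add-Check 'Certificate in LocalMachine\My' $false "none found with CN=$NdesFqdn"
} else {
    Add-Check 'Certificate in LocalMachine\My' $true $cert.Thumbprint
    Add-Check 'Private key associated' $cert.HasPrivateKey ''
    $now = Get-Date
    Add-Check 'Within validity period' (($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)) "expires $($cert.NotAfter)"

    # Values requested in request.inf: SHA256, RSA 2048, Server Authentication EKU.
    $sigOid = $cert.SignatureAlgorithm.Value      # 1.2.840.113549.1.1.11 = sha256WithRSAEncryption
    Add-Check 'Signed with SHA-256/RSA' ($sigOid -eq '1.2.840.113549.1.1.11') $sigOid
    $bits = $cert.PublicKey.Key.KeySize
    Add-Check 'RSA 2048-bit key' ($bits -eq 2048) "$bits bits"
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    Add-Check 'EKU includes Server Authentication' ($ekuOids -contains '1.3.6.1.5.5.7.3.1') ($ekuOids -join ',')

    # The key pair should live in the nCipher provider named in request.inf, not a software provider.
    $line = certutil.exe -store My $cert.Thumbprint |
        Select-String -Pattern 'Provider = (.+)$' | Select-Object -First 1
    $provider = if ($line) { $line.Matches[0].Groups[1].Value.Trim() } else { '' }
    Add-Check 'Key held by nCipher provider' ($provider -match 'nCipher') $provider

    # Step 15: the certificate is the one selected in the HTTPS site binding.
    $bound = Get-ChildItem IIS:\SslBindings | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    $where = ($bound | ForEach-Object { "$($_.IPAddress):$($_.Port)" }) -join ','
    Add-Check 'Certificate bound to an HTTPS listener' ([bool]$bound) $where
}

$https = Get-WebBinding -Name 'Default Web Site' -Protocol https
Add-Check "HTTPS binding on 'Default Web Site'" ([bool]$https) (($https | ForEach-Object { $_.bindingInformation }) -join ',')

# Step 16: PasswordMax key and DWORD created under the MSCEP key, as the guide describes.
$pm = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP\PasswordMax' `
    -Name PasswordMax -ErrorAction SilentlyContinue
Add-Check 'PasswordMax set to 30' ($pm.PasswordMax -eq 30) "value: $($pm.PasswordMax)"

# Step 18: TLS handshake using the default chain and host name validation.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($NdesFqdn, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($NdesFqdn)          # throws if chain or name validation fails
    $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    Add-Check 'TLS handshake validates' $true $remote.Thumbprint
    Add-Check 'Served certificate matches store' ($cert -and ($remote.Thumbprint -eq $cert.Thumbprint)) ''
} catch {
    Add-Check 'TLS handshake validates' $false $_.Exception.Message
} finally {
    $tcp.Close()
}

$results | Format-Table -AutoSize -Wrap
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

The thumbprint printed by the first check is the value to compare against the certificate a browser presents when the admin site is opened from another machine.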

Internet addresses

Web site: http://www.thales-esecurity.com/
Support: http://www.thales-esecurity.com/support-landing-page
Online documentation: http://www.thales-esecurity.com/knowledge-base
International sales offices: http://www.thales-esecurity.com/contact

Addresses and contact information for the main Thales e-security sales offices are provided at the bottom of the following page.

About Thales e-security

Thales e-security is a leading global provider of data encryption and cyber security solutions to the financial services, high technology manufacturing, government and technology sectors. With a 40-year track record of protecting corporate and government information, Thales solutions are used by four of the five largest energy and aerospace companies, 22 NATO countries, and they secure more than 80 percent of worldwide payment transactions. Thales e-security has offices in Australia, France, Hong Kong, Norway, United Kingdom and United States. For more information, visit www.thales-esecurity.com