From 0afaabeda93704522f51b1f2600fa4b43061617d Mon Sep 17 00:00:00 2001 From: Josh Drake Date: Mon, 17 Nov 2025 23:20:27 -0600 Subject: [PATCH 1/3] Fix type in WS1 Credential configuration docs. --- tutorials/connect-workspace-one-to-smallstep.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorials/connect-workspace-one-to-smallstep.mdx b/tutorials/connect-workspace-one-to-smallstep.mdx index f1106a3f..90b9cba7 100644 --- a/tutorials/connect-workspace-one-to-smallstep.mdx +++ b/tutorials/connect-workspace-one-to-smallstep.mdx @@ -180,7 +180,7 @@ A new modal screen will be presented with the empty Request Template configurati 2. Other options can be left as-is 3. Optionally, click the View Device Assignment button to see the devices to which the profile will be distributed 6. Add a Credential by clicking the **Configure** button , and set the following settings: - 1. Credential Store: Defined Certificate Authority + 1. Credential Source: Defined Certificate Authority 2. Certificate Authority: Choose the CA connection you created earlier 3. The certificate template should be selected automatically. If not, select an appropriate one. 4. Key Location: TPM Required From 49843e724c659ebef838b75f849c5e07621526cb Mon Sep 17 00:00:00 2001 From: Josh Drake Date: Mon, 17 Nov 2025 23:26:47 -0600 Subject: [PATCH 2/3] Update WS1 deployment script docs. --- tutorials/connect-workspace-one-to-smallstep.mdx | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tutorials/connect-workspace-one-to-smallstep.mdx b/tutorials/connect-workspace-one-to-smallstep.mdx index 90b9cba7..1cf695f5 100644 --- a/tutorials/connect-workspace-one-to-smallstep.mdx +++ b/tutorials/connect-workspace-one-to-smallstep.mdx 
@@ -69,18 +69,23 @@ Within a few minutes after adding the connection, you should see all of your Wor 2. Choose **Add** and then **Windows** 1. In the General tab, provide a name for the script, such as “Smallstep Agent Enrollment” 2. On the Details tab, ensure the **Language** is “Poweshell” and the **Execution Context & Privileges** is “System Context” - 3. Use the following snippet as the **Code**, making sure to replace `` with the Team ID value you copied from the Smallstep UI earlier. + 3. Use the following snippet as the **Code**, making sure to replace `` with the Team ID value you copied from the Smallstep UI earlier. `` should be replaced with your full Team name shown in the Smallstep dashboard. ```xml New-Item -Path "HKLM:\Software\Policies\Smallstep" Set-ItemProperty -Path "HKLM:\Software\Policies\Smallstep" -Name "TeamSlug" -Value "" - Set-ItemProperty -Path "HKLM:\Software\Policies\Smallstep" -Name "Certificate" -Value "capi:store-location=machine;store=My;issuer=Smallstep () Agents Intermediate CA;cn=$env:DEVICE_ID" + Set-ItemProperty -Path "HKLM:\Software\Policies\Smallstep" -Name "Certificate" -Value "capi:store-location=machine;store=My;issuer=Smallstep () Agents Intermediate CA;cn=$env:DEVICE_ID" ``` If your team was created before October, 2024, your issuer CA may have a common name without the team slug ("Smallstep Agents Intermediate CA"). Not sure? Check your [Authority list](https://smallstep.com/app/?next=/cm/authorities). - 4. In the Variables tab, click **Add**. Set the variable **Key** to `DEVICE_ID` and the variable **Value** to `{DeviceUuId}` + 4. In the Variables tab, click **Add**. Set the variable **Key** to `DEVICE_ID` and the variable **Value** to `{DeviceUuId}` + 5. Click **Save** to save the script. + 6. Select the newly created script and click the **Assign** button. + 7. Name the assignment as desired and select the appropriate Smart Group. Click **Next**. + 8. 
For **Deployment**, select "Run Once Immediately" for the **Triggers**. Click **Add**. + 9. Click **Save and Publish**. Click **Publish** on the additional prompt if one is shown. ### 4. Deploy and configure the Smallstep Agent From 325d03dd4a10cca31f43c72807f52987472cebfd Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Tue, 18 Nov 2025 20:11:14 +0000 Subject: [PATCH 3/3] Update capi URI for Intune --- tutorials/connect-intune-to-smallstep.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tutorials/connect-intune-to-smallstep.mdx b/tutorials/connect-intune-to-smallstep.mdx index 3e9626ec..d1f5a178 100644 --- a/tutorials/connect-intune-to-smallstep.mdx +++ b/tutorials/connect-intune-to-smallstep.mdx @@ -1,5 +1,5 @@ --- -updated_at: November 06, 2025 +updated_at: November 18, 2025 title: Connect Intune to Smallstep html_title: Connect Microsoft Intune to Smallstep Tutorial description: Connect Microsoft Intune to Smallstep for Windows device identity. Step-by-step guide for enterprise device trust with MDM integration. @@ -132,7 +132,7 @@ In this step, we’ll tie everything together by creating Windows policy to enro 3. Download the Intermediate Certificate 4. Copy and temporarily save the **SCEP server URL** shown on the page, eg. `https://agents.example.ca.smallstep.com/scep/integration-intune-b967f507` 2. Visit [Team Settings](https://smallstep.com/app/?next=/settings/team) - 1. Copy and temporarily save the **Team ID** value + 1. Copy and temporarily save the **Team Name** and **Team ID** values ### 6. Create a Policy in Intune 
@@ -161,11 +161,11 @@ In this step, we’ll tie everything together by creating Windows policy to enro 2. Team Slug: (paste the Team ID you saved earlier) 3. Certificate URI: ``` - capi:store-location=machine;store=My;issuer=Smallstep () Agents Intermediate CA;cn=step-agent-bootstrap + capi:store-location=machine;store=My;issuer=Smallstep () Agents Intermediate CA;cn=step-agent-bootstrap ``` - Replace `` in the “Certificate URI” with your team’s slug. + Replace `` in the “Certificate URI” with your full team name. If your team was created before October, 2024, - your issuer CA may have a common name without the team slug ("Smallstep Agents Intermediate CA"). + your issuer CA may have a common name without the team name ("Smallstep Agents Intermediate CA"). Not sure? Check your [Authority list](https://smallstep.com/app/?next=/cm/authorities). 4. Leave the other settings as is. 5. Choose “OK”
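Review bot: in [PATCH 1/3], hunk @@ -180,7 +180,7 of connect-workspace-one-to-smallstep.mdx, the unchanged step 6 line reads "clicking the **Configure** button , and" with a stray space before the comma, which is worth fixing while this list is being touched. The subject line says "Fix type", which reads like it was meant to be "Fix typo". Neither this patch nor [PATCH 2/3] carries a front-matter hunk, whereas [PATCH 3/3] bumps `updated_at` for the Intune tutorial; if the Workspace ONE tutorial has the same field, it should be bumped as well.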
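Review bot: in [PATCH 2/3], hunk @@ -69,18 +69,23 of connect-workspace-one-to-smallstep.mdx, the unchanged note under the snippet still says the issuer CA "may have a common name without the team slug", while the sentence added to step 3 tells the reader to fill in the full Team name. [PATCH 3/3] rewords the same note in the Intune tutorial to "without the team name", so the Workspace ONE note should get the same change to keep the two tutorials consistent. Two smaller points in the same hunk: the fence is tagged `xml` but holds PowerShell cmdlets (`New-Item`, `Set-ItemProperty`), so `powershell` would be the accurate tag, and the unchanged step 2 line spells the language as “Poweshell”. The removed and added versions of step 4 look identical here, so that change appears to be whitespace only and could be dropped or called out in the commit message.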
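Review bot: in [PATCH 3/3], hunk @@ -161,11 +161,11 of connect-intune-to-smallstep.mdx, step 2 still reads "Team Slug: (paste the Team ID you saved earlier)" while the Certificate URI text now asks for the full team name, and the text never states that these are two different values. Since the @@ -132,7 hunk now has the reader save both **Team Name** and **Team ID**, suggest one sentence in step 3 saying that the `issuer=` value takes the Team Name, not the Team ID pasted into Team Slug, and that it should match the issuer CA common name as listed in the Authority list. The subject line mentions only the capi URI, although the patch also changes step 5 and the `updated_at` date; a short body in the commit message would cover that.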