
Active Directory Certificate Services 2025 PKI

By Cloud Infrastructure Services

Deploy Active Directory Certificate Services PKI 2025 to your Azure tenant IaaS

Active Directory Certificate Services PKI Solution on Windows Server 2025

Deploy an Active Directory Certificate Authority. Build a new public key infrastructure (PKI) or set up a Subordinate CA under an already established PKI hierarchy. Provide public key cryptography, digital certificates, and digital signature capabilities for your organization.

  • Deploy certificates to your users, devices, or services on Active Directory via group policy.
  • Use the Network Device Enrollment Service (NDES) to deploy certificates to network devices such as routers and switches.
  • Use the Online Certificate Status Protocol (OCSP) to check the revocation status of certificates in real time.
  • Use the existing endpoint identity information that exists in AD to register for certificates (to avoid re-registering).
  • Configure AD Group Policies to dictate which users and machines are allowed which types of certificates.
  • Automate Certificate Provisioning and Lifecycle Management.
  • You can use AD CS to enhance security by binding the identity of a person, device, or service to a corresponding private key. AD CS gives you a cost-effective, efficient, and secure way to manage the distribution and use of certificates.
  • Applications supported by AD CS include Secure/Multipurpose Internet Mail Extensions (S/MIME), secure wireless networks, virtual private network (VPN), Internet Protocol security (IPsec), Encrypting File System (EFS), smart card logon, Secure Socket Layer/Transport Layer Security (SSL/TLS), secure web servers, and digital signatures.

AD Certificate Services (PKI) features:

  • Key Attestation now supports the use of Smart Card Key Storage Providers
  • Enhanced Key Attestation with TPM 2.0 for hardware-based key protection
  • Support for ECDSA and SHA-384/SHA-512 cryptographic algorithms
  • Network Device Enrollment Service (NDES)
  • Online Certificate Status Protocol (OCSP)
  • HTTPS Certificate Enrollment (CEP/CES) for secure enrollment over HTTPS
  • Hardware Security Module (HSM) Integration to protect CA private keys
  • Use the existing endpoint identity information that exists in AD to register for certificates (to avoid re-registering)
  • Configure AD Group Policies to dictate which users and machines are allowed which types of certificates
  • Automate Certificate Provisioning and Lifecycle Management
  • Certificate Templates v4 with enhanced security defaults
  • Full PowerShell cmdlet support for AD CS administration
  • Enhanced Audit and Compliance Logging for certificate lifecycle
  • Cross-Forest Certificate Enrollment for trusted forests
  • Azure Arc and Entra ID Integration for hybrid cloud scenarios

PKI Support

Documentation and support can be found at: PKI in Azure

At a glance
