In Configuration Manager Current Branch 1710, Microsoft introduced client support for Cryptography: Next Generation (CNG) certificates. Configuration Manager Technical Preview 1802 adds further support to this to cover HTTPS enabled management points, distribution points and software update points.
If you are reading this and have no idea what CNG certificates are then check out these posts for more information:
- CNG Key Storage Providers – https://msdn.microsoft.com/en-us/library/windows/desktop/bb931355(v=vs.85).aspx
- CNG Certificates Overview – https://docs.microsoft.com/en-us/sccm/core/plan-design/network/cng-certificates-overview
There are a number of unsupported scenarios and roles such as using CNG certificates with application catalog, state migration point and cloud distribution point to name just a few. For the full list of unsupported scenarios see this link.
Expect to see further developments in this area as Microsoft modernise some of the components of Configuration Manager, don’t expect application catalog support however as this is about to be deprecated.