Deploy an Active Directory Certificate Authority. Build a new public key infrastructure (PKI) or setup a Subordinate CA to an already established PKI hierarchy. Provide public key cryptography, digital certificates, and digital signature capabilities for your organization.
Deploy certificates to your users, devices or services on Active Directory via group policy.
You can use AD CS to enhance security by binding the identity of a person, device, or service to a corresponding private key. AD CS gives you a cost-effective, efficient, and secure way to manage the distribution and use of certificates.
Applications supported by AD CS include Secure/Multipurpose Internet Mail Extensions (S/MIME), secure wireless networks, virtual private network (VPN), Internet Protocol security (IPsec), Encrypting File System (EFS), smart card logon, Secure Socket Layer/Transport Layer Security (SSL/TLS), Secure Web Servers and digital signatures.
AD Certificate Services features
Documentation can be found on - Setup Active Directory Certificate Services in Azure