Network Device Enrollment Service (NDES)

The Network Device Enrollment Service (NDES) allows software on routers and other network devices to obtain digital certificates without running any domain credentials. NDES is also one of the role services on Active Directory Certificate Services (AD CS) role. NDES implements the Simple Certificate Enrollment Protocol (SCEP), which defines the communication between the Registration Authority (RA) and network devices for certificate enrollment.

“The goal of SCEP is to support the secure issuance of certificates to network devices in a scalable manner, using existing technology whenever possible.”