How to Monitor Certificate Profiles in Configuration Manager

To view compliance results in the Configuration Manager console

1. In the Configuration Manager console, click Monitoring.

2. In the Monitoring workspace, click Deployments.

3. In the Deployments list, select the certificate profile deployment for which you want to review compliance information.

4. You can review summary information about the compliance of the certificate profile on the main page. To view more detailed information, select the certificate profile, and then on the Home tab, in the Deployment group, click View Status to open the Deployment Status page.

   The Deployment Status page contains the following tabs:

   - **Compliant**: Displays the compliance of the certificate profile based on the number of assets that are affected. You can double-click a rule to create a temporary node under the **Users** node in the **Assets and Compliance** workspace. This node contains all users that are compliant with the certificate profile. The **Asset Details** pane also displays the users that are compliant with this profile. Double-click a user in the list to display additional information.
   
     <div class="alert">
   
   
     > [!IMPORTANT]
     > <P>A certificate profile is not evaluated if it is not applicable on a client device. However, it is returned as compliant.</P>
   
   
     </div>
   
   - **Error**: Displays a list of all errors for the selected certificate profile deployment based on the number of assets that are affected. You can double-click a rule to create a temporary node under the **Users** node of the **Assets and Compliance** workspace. This node contains all users that generated errors with this profile. When you select a user, the **Asset Details** pane displays the users that are affected by the selected issue. Double-click a user in the list to display additional information about the issue.
   
   - **Non-Compliant**: Displays a list of all noncompliant rules within the certificate profile based on the number of assets that are affected. You can double-click a rule to create a temporary node under the **Users** node of the **Assets and Compliance** workspace. This node contains all users that are not compliant with this profile. When you select a user, the **Asset Details** pane displays the users that are affected by the selected issue. Double-click a user in the list to display further information about the issue.
   
   - **Unknown**: Displays a list of all users that did not report compliance for the selected certificate profile deployment together with the current client status of the devices.
   

5. On the Deployment Status page, you can review detailed information about the compliance of the deployed certificate profile. A temporary node is created under the Deployments node that helps you find this information again quickly.

   The enrollment status of the certificate is displayed as a number. Use the following table to understand what each number means:

   Enrollment status	Description
   0x00000001	The enrollment succeeded, and the certificate has been issued.
   0x00000002	The request has been submitted and the enrollment is pending, or the request has been issued out of band.
   0x00000004	Enrollment must be deferred.
   0x00000010	An error occurred.
   0x00000020	The enrollment status is unknown.
   0x00000040	The status information has been skipped. This can occur if a HYPERLINK "https://msdn.microsoft.com/en-us/windows/ms721572" \l "_security_certification_authority_gly" certification authority is not valid or has not been selected for monitoring.
   0x00000100	Enrollment has been denied.