The Windows Enrolment is a protocol for automating x.509 certificate issuance for public key infrastructure (PKI) clients. These include web servers, endpoint devices and user identities, and anywhere PKI certificates are used, as well as the associated certificates from a trusted Certificate Authority (CA). Windows Enrolment uses certificate enrolment policy to enrolment identity certificates based on authentication scheme in deployment URLs.