Archived TD0212: FCS_HTTPS_EXT.1.3 - TLS Mutual Authentication Update
FCS_HTTPS_EXT.1.3 in MDM PP v2.0 and v3.0 may improperly imply that clients must always authenticate to the MDM Server's TLS server using TLS client certificate authentication. Authentication of remote administrators is often implemented using password-based authentication over HTTPS rather than using a TLS client certificate.
Exclude FCS_HTTPS_EXT.1.3 from MDM PP v2.0 and v3.0.
TLS client certificate authentication is not required for remote administration. TLS client certificate authentication is required for MDM Agents connecting to the MDM Server after initial enrollment, but FCS_TLSS_EXT.1.3 and FCS_TLSS_EXT.1.4 already suffice to ensure that MDM Server implementations support client certificate authentication.