Client Certificate configuration (Windows policy)

User: The certificate is available to the user enrolled with Sophos Mobile.
Device: The certificate is available to all users on the computer.

With the Client certificate configuration you install a client certificate onto Windows computers.

Setting	Description
File	The certificate you want to install. You can upload PEM and PKCS #12 certificates. Click Upload a file and then navigate to the file that contains the certificate. Tip Alternatively, drag the file from File Explorer to the Upload a file area.
Certificate name	After you’ve uploaded the certificate file, this field shows the `subject` value of the certificate.
Target store	The certificate store where the certificate is installed: User: The certificate is available to the user enrolled with Sophos Mobile. Device: The certificate is available to all users on the computer.
Key location	The location where the private key of the certificate is stored: Software: The key is stored in a software-based key store. TPM or software: The key is stored in TPM if it's available. Otherwise the key is stored in a software-based key store. TPM: The key is stored in the Trusted Platform Module (TPM) hardware chip. If the computer doesn’t have a TPM chip or if TPM is turned off in the BIOS, the certificate is not installed. Windows Hello for Business: The key is stored in a Windows Hello for Business container.
Key is exportable	Users can also export the private key when they export the certificate.
Container name	The name of the Windows Hello for Business container where the private key of the certificate is stored.