I have just updated this paper. Here is the latest draft: http://go.microsoft.com/fwlink/?LinkID=93875. In this paper, we cover Network Device Enrollment Service that allows certificate enrollment through the Simple Certificate Enrollment Protocol (http://tools.ietf.org/html/draft-nourse-scep-19). Specifically in this update, we’ve documented new functionality that allows for a single password mode and renewal based on an existing certificate.
Program Manager, Windows Security