Edit the template you'd like to enable SCEP with Intune and choose the SCEP tab. Enable the "Enable Microsoft Intune/Endpoint Manager Integration" checkbox and fill out the three required fields. To get values for these fields, follow the Microsoft documentation
to set up third-party CA integration. After following the steps in the documentation, you must also do the below steps to add the "Application.Read.All" API permission.
- Navigate to your Azure App
- Go to API permissions
- Click 'Add a permission'
- Select the 'APIs my organization uses' tab
- Search for 'Windows'
- Select 'Windows Azure Active Directory'
- Select 'Application permissions'
- Select 'Application.Read.All'
- Finally, grant admin consent to this permission