SCEPman needs to interact with your Azure Active Directory and Intune endpoints to issue certificates and answer OCSP requests for users and devices. To grant SCEPman the necessary permissions you need to create an App Registration within your tenant; the steps below do this in the Azure Portal.
Log in to the Azure Portal
Navigate to Azure Active Directory
Click App registrations
Click New registration and enter a name, e.g. SCEPman. For supported account types choose Accounts in this organizational directory only and click Register.
You may copy the Application (client) ID now. You will need this ID later when installing SCEPman from the marketplace, but it is not secret and you can look it up on the app registration's Overview page at any time.
Stay within App registrations and click on Certificates & secrets
Click New client secret, add a description and choose the expiration. We recommend the longest expiration offered (Never, where your portal still offers it; current portals cap it at 24 months), because an expired secret silently stops SCEPman from issuing certificates. You can revoke the secret at any time, so note the expiry date and plan its rotation. Click Add.
Copy the secret value immediately and store it in a secret store (for example a Key Vault or your password manager). The value is shown only once; if you lose it, you must create a new secret.
Stay within App registrations and click on API permissions
Click on Add a permission and choose Microsoft Graph. When chosen, select Application permissions and search for directory. Add Directory.Read.All as a permission.
Now click on Add a permission and choose Intune. When chosen, select Application permissions and search for scep. Add scep_challenge_provider as a permission. Together these two application permissions are all SCEPman needs; do not grant broader roles such as Directory.ReadWrite.All.
Finally click on Grant admin consent and confirm the consent for the given app registration.
The app registration is done.
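The same registration can be scripted, which is useful for repeatable deployments and for tenants where portal access is restricted. The following PowerShell script is an added example written for this page using the Microsoft Graph PowerShell SDK; it is not SCEPman's own installer. The display name, the secret lifetime and the two resource application IDs (Microsoft Graph is 00000003-0000-0000-c000-000000000000, the Microsoft Intune API is 0000000a-0000-0000-c000-000000000000) are assumptions documented in the comments; the app role IDs are looked up by name rather than hard-coded.

```powershell
# Added example for this page, not SCEPman's own code.
# Requires: Install-Module Microsoft.Graph -Scope CurrentUser
# The signed-in admin needs rights to create apps and grant application permissions.
Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All", "Directory.Read.All"

$appName = "SCEPman"   # assumption: same name as used in the portal steps above

# Step: New registration, "Accounts in this organizational directory only"
$app   = New-MgApplication -DisplayName $appName -SignInAudience "AzureADMyOrg"
$appSp = New-MgServicePrincipal -AppId $app.AppId   # needed to hold the admin-consent grants
Start-Sleep -Seconds 15   # new directory objects replicate asynchronously; avoids Request_ResourceNotFound

# Step: New client secret. Assumed lifetime of 2 years; tenant app management policies may cap it.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = "SCEPman installation"
    EndDateTime = (Get-Date).AddYears(2)
}

# Step: API permissions. Resolve the two resource apps and look up the app roles by their names.
$graphSp  = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"  # Microsoft Graph
$intuneSp = Get-MgServicePrincipal -Filter "appId eq '0000000a-0000-0000-c000-000000000000'"  # Microsoft Intune API

$dirRead  = $graphSp.AppRoles  | Where-Object { $_.Value -eq 'Directory.Read.All' -and $_.AllowedMemberTypes -contains 'Application' }
$scepRole = $intuneSp.AppRoles | Where-Object { $_.Value -eq 'scep_challenge_provider' }
if (-not $dirRead -or -not $scepRole) { throw "Required app role not found in this tenant" }

# Record the required permissions on the registration (what the "API permissions" blade displays)
Update-MgApplication -ApplicationId $app.Id -RequiredResourceAccess @(
    @{ ResourceAppId = $graphSp.AppId;  ResourceAccess = @(@{ Id = $dirRead.Id;  Type = 'Role' }) },
    @{ ResourceAppId = $intuneSp.AppId; ResourceAccess = @(@{ Id = $scepRole.Id; Type = 'Role' }) }
)

# Step: Grant admin consent. For application permissions this is an app role assignment
# from SCEPman's service principal to each resource service principal.
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $appSp.Id -PrincipalId $appSp.Id `
    -ResourceId $graphSp.Id  -AppRoleId $dirRead.Id  | Out-Null
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $appSp.Id -PrincipalId $appSp.Id `
    -ResourceId $intuneSp.Id -AppRoleId $scepRole.Id | Out-Null

# The client ID is needed for the marketplace installation. The secret is in $secret.SecretText;
# copy it into your secret store, do not write it to logs or transcripts.
Write-Host "Application (client) ID: $($app.AppId)"
Write-Host "Client secret expires:   $($secret.EndDateTime)"
```

Verify the result in the portal: the app registration's API permissions blade should list exactly Directory.Read.All (Microsoft Graph) and scep_challenge_provider (Intune), both of type Application with a green "Granted" status.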