For Certificate Enrollment Gateway to run custom challenge validation with Intune, you must register a new application in Azure Active Directory. This application will give delegated rights to Intune to validate SCEP requests.
To register an application for the CEG Service
- Log in to the Microsoft Azure portal.
- Under Azure services, click Azure Active Directory.
- Click App Registrations.
- Click Register an application.
  The Register an application page appears.
- For Name, enter a unique application name. For example, Entrust SCEP Service.
- For Supported account types, select Accounts in any organizational directory.
- Do not provide any values for Redirect URI. Intune does not need to redirect back to Certificate Enrollment Gateway after issuing the certificate.
- Click Register.
  After registering the application, an Overview page appears for the application.
- Record the Application (client) ID value. For example: 00000000-0000-0000-0000-000000000000. You need this value later to configure Certificate Enrollment Gateway for Microsoft Intune.
- Record your Tenant ID. You need this value later to configure Certificate Enrollment Gateway for Microsoft Intune. The Tenant ID is the domain text after the @ sign in your account. For example, if your account is admin@test.example.com, then your tenant ID is test.example.com.