In the Microsoft Azure portal, create an application for running the Intune service. 

At the end of this process, you should have the Application (client) ID, Directory (tenant) ID, and Client secret values required when Configuring an Entrust-hosted Certificate Enrollment Gateway for Intune.

To create an Intune application in Azure

  1. Log in to portal.azure.com as a user with administrative permissions.
  2. Go to Home > App registrations.
  3. Click New registration to display the Register an application page.
     
  4. In the Name field, type the name of the new Intune application. 
  5. In the Supported account types list, be sure that Accounts in this organizational directory only (TenantMonkey only - Single tenant) is selected. 
  6. Click Register to display the details of the new application. 

  7. Copy the Application (client) ID and Directory (tenant) ID values to a text file. You will use these values when Configuring an Entrust-hosted Certificate Enrollment Gateway for Intune.
  8. Click Add a certificate or secret to display the Certificates & secrets page.

  9. Click New client secret to display the Add a client secret dialog.
  10. In the Description field, write a description of the new secret. 
  11. In the Expires drop-down list, select the expiration date of the new secret.
  12. Click Add to add the new secret and close the Add a client secret dialog.
  13. On the Certificates & secrets page, copy the Value of the new secret to a text file. You will use this value when Configuring an Entrust-hosted Certificate Enrollment Gateway for Intune.

    The secret value will no longer be available after leaving this page.

  14. In the navigation sidebar, click API permissions to display the API permissions page. 
  15. Click Add a permission to display the Request API permissions sidebar.
  16. In the Request API permissions sidebar:
    1. Click Microsoft Graph.
    2. Click Application permissions.
    3. Under Select permissions, expand the Application list and select the Application.Read.All permission.
    4. Click Add permissions.
  17. Click Add a permission to display the Request API permissions sidebar again.
  18. In the Request API permissions sidebar: 
    1. Click Intune.
    2. Click Application permissions.
    3. Under Select permissions, select the scep_challenge_provider permission.
    4. Click Add permissions.
  19. On the API permissions page, click Add admin consent for the TenantMonkey to grant these permissions to the new Intune application.
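
The following check of the procedure's results is an added example, not part of the original Entrust or Microsoft documentation. It validates the three saved values and confirms that app-only access tokens carry both consented permissions in their roles claim. It assumes the tokens were obtained separately, one for Microsoft Graph and one for Intune; all identifiers and tokens in the code are constructed samples.

```python
import base64, json, re

GUID = re.compile(r"[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")
REQUIRED_ROLES = {"Application.Read.All", "scep_challenge_provider"}

def check_saved_values(client_id, tenant_id, secret):
    """Return a list of problems with the three values saved from the portal."""
    problems = []
    if not GUID.fullmatch(client_id):
        problems.append("Application (client) ID is not a GUID")
    if not GUID.fullmatch(tenant_id):
        problems.append("Directory (tenant) ID is not a GUID")
    if client_id.lower() == tenant_id.lower():
        problems.append("client ID and tenant ID are identical")
    if not secret or secret != secret.strip():
        problems.append("client secret is empty or has stray whitespace")
    elif GUID.fullmatch(secret):
        problems.append("client secret is a GUID: Secret ID copied instead of Value?")
    return problems

def token_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def missing_roles(tokens, tenant_id, client_id):
    """Return required application permissions absent from the app's tokens."""
    granted = set()
    for token in tokens:
        claims = token_claims(token)
        issued_to = claims.get("appid") or claims.get("azp")  # v1 or v2 token
        if claims.get("tid") == tenant_id and issued_to == client_id:
            granted.update(claims.get("roles", []))
    return REQUIRED_ROLES - granted

def sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode().rstrip("=")
    return f"e30.{body}.constructed"

# Constructed sample values, not real identifiers.
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
GRAPH = sample_token({"tid": TENANT, "appid": CLIENT, "roles": ["Application.Read.All"]})
INTUNE = sample_token({"tid": TENANT, "appid": CLIENT, "roles": ["scep_challenge_provider"]})

if __name__ == "__main__":
    print(check_saved_values(CLIENT, TENANT, "constructed-secret-value"))
    print(missing_roles([GRAPH, INTUNE], TENANT, CLIENT))
```

An empty list and an empty set mean the saved values are well formed and both permissions were granted to the application.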