After registering an application for the CEG Service, you must add the following API permissions to the application.

| API permission category | Permissions |
| --- | --- |
| Intune | scep_challenge_provider (SCEP challenge validation) |
| Microsoft Graph | Application.Read.All (Read all applications) |

You must also grant administrative consent for these permissions to the application.

To add required API permissions to the CEG Service application

  1. Log in to the Microsoft Azure portal.
  2. Under Azure services, click Azure Active Directory.
  3. Click App Registrations.
  4. Select the application you created earlier for the CEG Service.
  5. Click API permissions.
  6. To add the required Intune API permissions:
    1. Click Add a permission. The Request API permissions page appears.
    2. Click Microsoft APIs.
    3. Click Intune.
    4. Select Application permissions.
    5. Select the following Intune application permissions:
      • Select scep_challenge_provider (SCEP challenge validation).
    6. Click Add permissions.
  7. To add the required Microsoft Graph API permissions:
    1. Click Add a permission. The Request API permissions page appears.
    2. Click Microsoft APIs.
    3. Click Microsoft Graph.
    4. Select Application permissions.
    5. Select the following permissions:
      • Select Application.Read.All (Read all applications).
    6. Click Add permissions.
  8. When prompted, click Yes to confirm consent.
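
After completing the procedure, you can confirm that the application holds exactly the two application permissions listed above and that each has admin consent. The following is an added example, not part of the product documentation: it assumes you have exported the application's `requiredResourceAccess`, the resource APIs' `appRoles`, and the service principal's `appRoleAssignments` from Microsoft Graph. The function name and every id in the sample data are constructed placeholders.

```python
# Added example: audit an app registration against the two permissions on this page.
REQUIRED = {"Intune": {"scep_challenge_provider"},
            "Microsoft Graph": {"Application.Read.All"}}

def audit(required_resource_access, resources, consented_role_ids):
    """Return findings (empty list = exactly the required, consented permissions).

    required_resource_access: the application's requiredResourceAccess list
    resources: {resourceAppId: {"name": str, "appRoles": {roleId: value}}}
    consented_role_ids: appRoleId values from the service principal's
                        appRoleAssignments (present once admin consent is granted)
    """
    findings, seen = [], {name: set() for name in REQUIRED}
    for res in required_resource_access:
        info = resources.get(res["resourceAppId"], {})
        name = info.get("name", res["resourceAppId"])
        for acc in res["resourceAccess"]:
            value = info.get("appRoles", {}).get(acc["id"], acc["id"])
            if acc["type"] != "Role":  # "Scope" means a delegated permission
                findings.append(f"{name}: {value} is delegated, not application")
            elif value not in REQUIRED.get(name, set()):
                findings.append(f"{name}: {value} is not in the required set")
            else:
                seen[name].add(value)
                if acc["id"] not in consented_role_ids:
                    findings.append(f"{name}: {value} has no admin consent")
    for name, wanted in REQUIRED.items():
        findings += [f"{name}: {v} is missing" for v in sorted(wanted - seen[name])]
    return findings

# Constructed sample data; every id below is a placeholder, not a real GUID.
RESOURCES = {
    "app-intune": {"name": "Intune", "appRoles": {"role-scep": "scep_challenge_provider"}},
    "app-graph": {"name": "Microsoft Graph", "appRoles": {
        "role-app-read": "Application.Read.All",
        "role-dir-write": "Directory.ReadWrite.All"}},
}
MANIFEST = [
    {"resourceAppId": "app-intune",
     "resourceAccess": [{"id": "role-scep", "type": "Role"}]},
    {"resourceAppId": "app-graph",
     "resourceAccess": [{"id": "role-app-read", "type": "Role"},
                        {"id": "role-dir-write", "type": "Role"}]},
]

if __name__ == "__main__":
    for line in audit(MANIFEST, RESOURCES, consented_role_ids={"role-scep"}):
        print(line)
```

An empty result means the registration matches the table above; any finding points to a permission to remove, add, or consent to in the portal.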