To work with Certificate Enrollment Gateway, you must register and configure an application for Certificate Enrollment Gateway, import the issuing CAs as trusted third-party CAs, and configure a SCEP certificate profile in Microsoft Intune. When configuring Microsoft Intune, you must obtain and record information that Certificate Enrollment Gateway requires to connect to your Microsoft Intune instance.

• Registering an application for Certificate Enrollment Gateway
• Generating a client secret for password-based authentication with Certificate Enrollment Gateway
• Generating and importing a TLS certificate for certificate-based authentication with Certificate Enrollment Gateway
• Adding API permissions to the CEG Service application
• Adding CAs to Microsoft Intune as trusted third-party CAs
• Configuring identity protection profiles for Windows Hello for Business
• Configuring SCEP certificate profiles
• Obtaining information required to configure Certificate Enrollment Gateway for Microsoft Intune