Prerequisites
Your Microsoft Azure tenant has Azure Active Directory services enabled.
Your Microsoft Intune account is configured for Intune MDM Authority.
Your Microsoft Intune account is configured with an Apple MDM Push Certificate, if you need to issue certificates to Apple iOS devices.
Your DigiCert® Trust Lifecycle Manager account is enabled with the following DigiCert certificate templates and you have at least one seat of the appropriate seat type available for the type of certificate you want to issue:
DigiCert ONE certificate template
Seat type
Device Authentication for Microsoft Intune (SCEP)
Device
User Client Authentication for Microsoft Intune (SCEP)
User