Microsoft deprecating AAD Graph in June of 2022. Making this graph option is no longer available.
The AAD team made a change that is causing this impact in the UX very recently. The workaround, in the short term, can be done by editing JSON as shown below.
When customers are setting up Intune SCEP to work with PKI 8 they get permission denied errors when adding the graph feature. The reason is Microsoft is deprecating the ADD graph in favor of a new one. The following message is posted to alert them of the situation.
(This is the currently available option for adding the permission per our current document)
Now the Graph is contained in the following section of Intune.
This is the error in Splunk from an attempted enrollment.
To confirm you are complete, check the API graph permissions NOTE, you will need to “Grant Consent” as well:
For additional information please see the following KB:
Use third-party certification authorities (CA) with SCEP in Microsoft Intune
If you have any questions, please contact DigiCert PKI Support