For a standard SCEPman setup we recommend generating a new root certificate with the following steps:
Create SCEPman root certificate
Navigate to App Services.
Choose the SCEPman application and click on Browse to see the SCEPman website.
When everything works as intended Intune, Read AAD, Read Intune, and Storage Account are set in green as connected.
4. The option click here to start creating the Azure Key Vault RootCA certificate. The initial root certificate should be created only once on a farm.
5. Select I have read the documentation[...] and click Create First Node.
6. After some seconds/minutes you can refresh the page. Now you should see that the root certificate is available.