SCEP Profile Missing "Challenge password" & "Validity period" Fields

Hello Intune Community / Microsoft Support,

We are trying to set up EAP-TLS with Intune-managed Windows devices, using FortiAuthenticator as our CA/RADIUS.

Issue: Our SCEP certificate profiles (under Devices > Configuration profiles) are missing the following critical fields:

"Challenge password"
"Certificate validity period"

Additionally, the section for configuring SCEP connectors is also absent under Tenant administration.

Impact: FortiAuthenticator requires a static challenge password for SCEP, but Intune provides no field to set this. This incompatibility is blocking certificate issuance and our EAP-TLS deployment.

Steps Verified:

Confirmed it's a standard SCEP certificate profile for Windows 10 and later.
Fields are genuinely not present after thorough checks.

Request: Why are these standard SCEP fields and this configuration section missing in our tenant? How can we proceed with SCEP certificate enrollment, especially with a FortiAuthenticator CA?

Thank you for your urgent assistance.