Installing the server infrastructure components for SCEP could not be easier. In fact, it's not entirely accurate to call the process an installation, since all the bits for SCEP already exist on your CAS or primary site servers. Enabling the Endpoint Protection simply flips the SCEP components to the on position and takes care of the EULA for SCEP.
In order to complete the process for enabling SCEP, you will need to utilize a user account with the Full Administrator security role applied. If your account has only been granted the Endpoint Protection Manager role, this will not be sufficient for this process.
Also, keep in mind that part of this installation process is to install a baseline SCEP client on the SCCM servers themselves. This is necessary for the extrapolation of virus metadata from the local client's definitions to use in SCEP reports and alerts.
For the most part, the SCEP installation process is very good at removing legacy...