@ComputerHabit, Thanks for posting in Q&A. In fact, Certificate Connector will be used when we deploy SCEP, PKCS certificate via Intune. It also be used when we import PFX certificate to Intune. Based on my understanding, the permission is used when we want to import PFX Certificates to Intune.
If we only want to deploy SCEP certificate, the permission is not required.
https://video2.skills-academy.com/en-us/mem/intune/protect/certificates-scep-configure
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.