Start on the Windows 10 device that you want to set as a Trusted Device.
We need to configure two things to complete the setup.
Search and open "Manage your account".
Click on "Access work or school".
This is found under Settings> Accounts> Access work or school.
Under the "Access work or school" section, click on "Connect".
You will be prompted for your login details. Enter your test user's details here.
As I configured my Okta to be the Identity Provider for Microsoft Office 365 via WS-Federation Single Sign On (SSO) integration, it will prompt me for my Okta username and password. I will log in with the corresponding test user that I have in Okta and Microsoft Azure Active Directory.
It will then register my Windows 10 device.
Once completed, it will give you a confirmation. "You're all ready!"
Then you will see your account listed under the "Connect" button.
We will need to install Microsoft Intune "Company Portal" to further set up our device for corporate use.
Go to your "Microsoft Store". Click "Get" to install.
Under the "Devices" section, click on "This device hasn't been set up for corporate use yet. Select this message to begin setup."
It will prompt you to "Connect this device to work", click "Next".
Click "Connect".
You will then be prompted for 1) your email address, and 2) the MDM management endpoint (also called the MDM server URL or MDM discovery URL), which is https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
You will then be prompted to log into Microsoft Intune, which we will do via Okta, our identity provider, which we have configured to manage our identity from Okta to Microsoft Office 365/ Microsoft Azure Active Directory.
Log in.
Once we have signed in successfully, we can move to the next step.
Click "Got it".
Then we just wait for our device to connect with Microsoft Intune. We can do other things while we are waiting.
When we are done, we will get a "You're all set!" message.
If we go back to our Microsoft Endpoint Manager, we can now see our Windows 10 device managed by Microsoft Intune and Okta.
Under Devices> Windows> Windows devices
You are all set now!
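To confirm the result from the device itself, the following added example (not part of the original walkthrough) parses the output of the built-in `dsregcmd /status` command and checks that the device is registered and that its MDM URL points at the enrolment host used above. The function name Get-DeviceTrustState and the sample output are constructed for illustration, and the sample's field layout is an assumption about what your device prints.

```powershell
# Added example (not from the original walkthrough).
# Constructed sample of `dsregcmd /status` output, trimmed to the relevant fields.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
           WorkplaceJoined : YES
+----------------------------------------------------------------------+
| Work Account 1                                                       |
+----------------------------------------------------------------------+
           WorkplaceMdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
'@ -split '\r?\n'

function Get-DeviceTrustState {
    param(
        # Lines of `dsregcmd /status` output; runs the tool when none are supplied.
        [string[]]$StatusText = (dsregcmd.exe /status),
        # Enrolment host taken from the discovery URL used in the steps above.
        [string]$ExpectedMdmHost = 'enrollment.manage.microsoft.com'
    )
    $fields = @{}
    foreach ($line in $StatusText) {
        # Data lines look like "  AzureAdJoined : YES"; headers and rulers do not match.
        if ($line -match '^\s*([A-Za-z]+)\s+:\s+(.*\S)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    # Collect every field ending in "MdmUrl" (last value wins per field name).
    $mdmUrls = @($fields.Keys | Where-Object { $_ -like '*MdmUrl' } |
                 ForEach-Object { $fields[$_] })
    $hosts = @($mdmUrls | ForEach-Object { ([uri]$_).Host })
    [pscustomobject]@{
        # "Connect" with a work account registers the device (WorkplaceJoined);
        # a full Azure AD join reports AzureAdJoined instead.
        Registered     = ($fields['WorkplaceJoined'] -eq 'YES') -or
                         ($fields['AzureAdJoined'] -eq 'YES')
        MdmUrls        = $mdmUrls
        # True when the registration points at the expected Intune endpoint.
        # This does not prove enrolment finished; confirm that in Endpoint Manager.
        PointsAtIntune = $hosts -contains $ExpectedMdmHost
    }
}

Get-DeviceTrustState -StatusText $sample    # offline check against the sample
# Get-DeviceTrustState                      # live check on the enrolled device
```

An MDM URL on a host other than the expected one is worth investigating before the device is treated as trusted.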
If you need to manage Android and/or Apple devices with Microsoft Intune, then we need to configure Microsoft Intune to be able to connect with Google Android Enterprise and/or Apple Business Manager. That is:
To kick this off, in Microsoft Endpoint Manager, we can go to our "Devices" Overview and click on "Enroll devices".
Microsoft Endpoint Manager> Devices
In order to manage Android devices, we need to connect Microsoft Intune with Google Android Enterprise.
To do this, we:
Microsoft Endpoint Manager> Devices > Enroll devices> Android enrolment
Click on "Managed Google Play".
Under "I grant Microsoft permission to send both user and device information to Google. Learn more", tick "I agree".
Then click on "Launch Google to connect now".
A pop-up browser window will open, where you can click the "Get started" button.
Enter your business name and click Next.
Fill in your Data Protection Officer and EU Representative details.
Tick "I have read and agree to the Managed Google Play agreement."
You will then receive a "Set up complete" message.
You can close the window or click on the "Complete Registration" button which will close the window.
If you go back to Microsoft Endpoint Manager, you will see that your Google details have been authorised in Microsoft Intune now.
It will show Status = Set up (green tick).
You will then be able to manage your Android devices from Microsoft Intune using your Google Account.
You will now have options to manage your Android devices, depending on your preferences and on whether you are managing corporate-issued Android devices or personal Android devices.
As we are testing, let's use the "Corporate-owned, fully managed user devices" option.
Click on "Corporate-owned, fully managed user devices".
Where it says "Allow users to enrol corporate-owned user devices", click "Yes".
This will give you the following which you can use depending on Android OS and version of your device.
In order to manage Apple devices, we need to connect Microsoft Intune with Apple.
Specifically, Apple will only let you manage Apple devices if you have an Apple Business Manager account.
Once you have that, you can follow these steps:
Microsoft Endpoint Manager> Devices > Enroll devices> Apple enrolment
Click on "Apple enrolment".
Click on "Apple MDM Push certificate".
Check the tickbox for "I agree".
Click on "Download your CSR" to download your Intune certificate signing request (CSR) to your computer.
Click "Upload" when you're ready.