Enroll Windows 10 Devices to Intune
The following sections link to the Microsoft Quickstart on enrolling your Windows 10 device and then cover how to confirm the installation of CA and Device Certificates and instructions for removing the Windows 10 Devices from Intune.
Enroll Windows 10 Device
Enrolling your devices into Microsoft Intune allows your Windows 10 devices to get access to your organization’s secure data. For instructions on enrolling your Windows 10 devices to Microsoft Intune, refer to the Microsoft Quickstart: Enroll your Windows 10 device.
Confirm Installation of CA and Device Certificates
To confirm that the CA and device certificates have been installed, do the following.
To open the Computer Certificate Store console, click the Windows Start icon and select Settings to display Windows Settings options.
In the Search field, enter "manage computer certificates" and select the Manage computer certificates application.
Confirm that the device certificate has been installed under Local Computer > Personal > Certificates, certificate store.
Confirm that the Root CA certificate has been installed under Local Computer > Trusted Root Certification Authorities > Certificates, certificate store.
Confirm that the following certificates have been added to Local Computer > Intermediate Certification Authorities > Certificates, certificate store.
The Issuing CA.
The Root CA.
The Microsoft Intune MDM Device CA.
Troubleshooting
To troubleshoot certificate enrollment, refer to the following information.
Intune EJBCA Connector Tomcat App:
Intune EJBCA Connector Tomcat app: /opt/tomcat/latest/logs/intune-ejbca-connect.log
Additional debug logging help is available at the Intune EJBCA Connector GitHub: https://github.com/agerbergt/intune-ejbca-connector
EJBCA Wildfly Log: /opt/wildfly/standalone/logs/server.log
Windows 10 Application Log
Remove Windows 10 Devices from Intune
Removing devices from Microsoft Intune can be performed from Intune or from the device itself. When devices are unenrolled, the certificates are removed from the devices but are not revoked. For more information, refer to the Microsoft doc Removing certificates.
Also note, that if a device is re-enrolled, a new device certificate will be issued.
Retiring from Intune
Login to the Intune Portal (https://aka.ms/intuneportal)
Select Devices > All devices, and then click the name of the device.
Select Retire and answer Yes.
Confirm that all CA and device certificates have been removed from the Windows 10 Computer Certificate Store.
Removing from the Device Itself
For instructions on removing Windows 10 devices from Intune, refer to the Microsoft doc Remove your Windows device from management.