Issue Reported: Intune Android device enrollment fails with an SSL-related issue
The requester has configured ConfigMgr-integrated Intune for Office 365 with on-prem ADFS (Active Directory Federation Services) authentication for single sign-on, which is configured on Windows servers to provide single sign-on authentication.
Actions performed: tested with iOS and other (non-Android) devices; users log in to the Company Portal app and are able to complete enrollment. While trying to enroll an Android device, the following error appears:
Could not sign in. You will need to sign in again. If you see this message again, please contact your IT Admin.
Finding: when the Android device connects over the internal Wi-Fi connection, which bypasses the ADFS proxy, the device is able to enroll.
Intune app error log location:
Send the logs to your company support using a USB cable or email, whichever options are available on the Company Portal for
When sending over USB, the logs are available at the path below:
Find Android Device\Phone\Android\data\com.microsoft.windowsintune.companyportal\files\.
Step 1: Import the certificates further up the chain into the Intermediate store on the ADFS proxies themselves.
Step 2: Launch the MMC and add the Certificates snap-in for the Local Computer on your ADFS server. Find the certificate your ADFS service is using (likely issued to adfs.yourcompany.com), and view its parent certificate.
Step 3: Move a copy of the 'parent' certificate (in my case, Symantec) into the Computer\Intermediate Certification Authorities\Certificates store.
Next, move copies of your ADFS, ADFS Decrypting, and ADFS Signing certificates into the Personal store.
Finally, restart the ADFS servers, because restarting the service alone is not enough.
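The check and import from Steps 1 to 3 can also be scripted. The following is an added example, not part of the original post: the host name and the path to the exported parent certificate are placeholders, and it assumes an elevated PowerShell session on each ADFS server or proxy.

```powershell
# Added example. Placeholders (assumptions): federation service name and the
# path to the exported parent (intermediate) certificate.
$AdfsHost   = 'adfs.yourcompany.com'
$ParentFile = 'C:\Temp\adfs-parent.cer'

# 1. Find the current service certificate in Local Computer\Personal.
#    (A wildcard certificate will not match this subject filter; adjust it if needed.)
$svc = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$AdfsHost*" -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $svc) { throw "No unexpired certificate for $AdfsHost in LocalMachine\My" }
"Service cert : $($svc.Subject)  [$($svc.Thumbprint)]"
"Issued by    : $($svc.Issuer)"

# 2. Is the issuing ('parent') certificate already in
#    Intermediate Certification Authorities?
$parent = Get-ChildItem Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -eq $svc.Issuer -and $_.NotAfter -gt (Get-Date) }

if ($parent) {
    "Parent present in LocalMachine\CA: $($parent[0].Thumbprint)"
} else {
    # 3. Import only if the file really is the issuer of the service certificate,
    #    so an unrelated CA is never added to the machine store by mistake.
    $candidate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ParentFile
    if ($candidate.Subject -ne $svc.Issuer) {
        throw "$ParentFile subject '$($candidate.Subject)' does not match the service cert issuer"
    }
    Import-Certificate -FilePath $ParentFile -CertStoreLocation Cert:\LocalMachine\CA | Out-Null
    "Imported $($candidate.Thumbprint) into LocalMachine\CA; restart the server afterwards"
}
```

The script matches the parent by subject name only, so compare the reported thumbprint with the one shown for the parent certificate in the MMC before relying on it.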
With all of this finished, I'm finally able to enroll Android devices into Intune.
Thanks & Regards,
Follow me: https://www.linkedin.com/in/hiraniconfigmgr