Deploying Certificates to Windows Devices (AD/InTune)
Active Directory GPO
Download the Certificate
Use this link to download the SchoolProtect certificate.
Create a Group Policy Object
Open Group Policy Management Console on your Domain Controller (or management PC).
Create a new (or update an existing) Group Policy Object at the top of your domain structure and give it a name, for example “LGfL Decryption Certificate”.
Edit the Group Policy Object
Edit the Group Policy Object and navigate to Computer Configuration\Windows Settings\Security Settings\Public Key Policies\.
Right-click Trusted Root Certification Authorities and press Import...
Follow the wizard, browsing to the downloaded certificate file when prompted.
This will now deploy the certificate to all the Windows PCs on your network. Please give plenty of time for the devices to pick up the certificate before enabling decryption on your policies.
More information about deploying certificates through Group Policy can be found here: Distribute Certificates to Client Computers by Using Group Policy.
InTune
Download the Certificate
Use this link to download the SchoolProtect certificate.
Create a Profile
Log into Intune and go to Devices > Windows > Configuration Profiles.
Create a new profile, select Windows 10 or later and choose the Template profile type.
Select the Trusted Certificate template (you can search for this) and click Create.
Upload the Certificate
Enter a name and description, for example, “LGfL Decryption Certificate” then click Next.
Use the blue folder icon to browse for the downloaded certificate.
Ensure the Destination Store is set to Computer certificate store – Root and click Next.
Deploy to Devices
Click Add all devices then Next.
On the Applicability Rules page, leave everything blank and click Next.
Click Create on the last page.
The certificate will now be deployed to all enrolled devices.
More information about deploying certificate through Intune can be found here: Trusted root certificate profiles for Microsoft Intune