To get it working you can follow the official documentation: http://technet.microsoft.com/en-us/library/2c6bd0e5-d436-41c8-bf38-30152d76be10#BKMK_RTcert
For more information on how to enroll and sideload keys for APP Deployment, Simons May has created a great video: http://www.youtube.com/watch?feature=player_embedded&v=KFpaUSWAv9U#!
Before I got things working I learned a couple of lessons:
- Do not install DirSync on the SCCM server. (It broke my management point)
- Make sure the username of your Intune enabled users is synchronized by DirSync and is the same as discovered in SCCM. If it’s not you will not be allowed to enroll your device.
- For Windows Phone you need a Symantec Code Signing certificate. But for Windows RT it’s not an absolute requirement. If you have an internal PKI solution you can create your own.