ADFS SmartLink for the Intune Portal

When you’re using both ADFS and Intune, you may want to save your users the annoying redirect they get after typing in their UPN when they access ADFS-secured resources.

I personally like simplicity, so to build a fast and effective method for logging in to the Intune Portal (could be used for other things too) I did the following:

  1. Create a DNS record that you can communicate to your users (portal.lieben.nu in my case); it points to an IIS server I control
  2. Browse to the Intune Portal with Internet Explorer and press F12 to display the developer tools
  3. Click the Network tab and enable recording
  4. Enter your email address

The first URL you’ll see appear in the network monitoring tab is the ‘smart link’. It needs to be stripped of user-specific information before you can use it for all your users. Initial example URL:

https://fs.lieben.nu/adfs/ls/?cbcxt=portal&popupui=&vv=&username=test_jos%40lieben.nu&mkt=&lc=19&wfresh=&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1.0%26wreply%3Dhttps%253a%252f%252fmanage.microsoft.com%252fUISecurityTokenService%252fStsLoginRedirect.aspx%253fclient-request-id%253d696e9150-d7be-4a51-bf6c-79c972f2e493%2526tt%253djwt%26wctx%3Dhttps%253a%252f%252fportal.manage.microsoft.com%252f%253fclient-request-id%253d696e9150-d7be-4a51-bf6c-79c972f2e493%26cbcxt%3DPortal%26wp%3DHBI_FED%26lc%3D19%26bk%3D1427976030%26LoginOptions%3D3

Now remove everything between ls/? and &wa, and remove everything from &bk onwards (in the recorded URL it sits inside the wctx value, so it appears encoded as %26bk). The result:

https://fs.lieben.nu/adfs/ls/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1.0%26wreply%3Dhttps%253a%252f%252fmanage.microsoft.com%252fUISecurityTokenService%252fStsLoginRedirect.aspx%253fclient-request-id%253d696e9150-d7be-4a51-bf6c-79c972f2e493%2526tt%253djwt%26wctx%3Dhttps%253a%252f%252fportal.manage.microsoft.com%252f%253fclient-request-id%253d696e9150-d7be-4a51-bf6c-79c972f2e493%26cbcxt%3DPortal%26wp%3DHBI_FED%26lc%3D19
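As an added example (not code from the post), the trimming rule above written out in Python, plus a decode step that lists what the published link still carries so you can review it before handing it out. The two URLs and the username, bk and LoginOptions parameters are the ones from the post; the expected reply hosts are the two Microsoft hosts found in the post's URL, and the function names are my own.

```python
from urllib.parse import urlsplit, parse_qsl

# Recorded sign-in URL and trimmed SmartLink, copied from the post above.
RECORDED_URL = "https://fs.lieben.nu/adfs/ls/?cbcxt=portal&popupui=&vv=&username=test_jos%40lieben.nu&mkt=&lc=19&wfresh=&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1.0%26wreply%3Dhttps%253a%252f%252fmanage.microsoft.com%252fUISecurityTokenService%252fStsLoginRedirect.aspx%253fclient-request-id%253d696e9150-d7be-4a51-bf6c-79c972f2e493%2526tt%253djwt%26wctx%3Dhttps%253a%252f%252fportal.manage.microsoft.com%252f%253fclient-request-id%253d696e9150-d7be-4a51-bf6c-79c972f2e493%26cbcxt%3DPortal%26wp%3DHBI_FED%26lc%3D19%26bk%3D1427976030%26LoginOptions%3D3"
CLEAN_URL = "https://fs.lieben.nu/adfs/ls/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1.0%26wreply%3Dhttps%253a%252f%252fmanage.microsoft.com%252fUISecurityTokenService%252fStsLoginRedirect.aspx%253fclient-request-id%253d696e9150-d7be-4a51-bf6c-79c972f2e493%2526tt%253djwt%26wctx%3Dhttps%253a%252f%252fportal.manage.microsoft.com%252f%253fclient-request-id%253d696e9150-d7be-4a51-bf6c-79c972f2e493%26cbcxt%3DPortal%26wp%3DHBI_FED%26lc%3D19"


def make_smartlink(recorded_url: str) -> str:
    """Apply the post's two rules: drop everything between 'ls/?' and '&wa',
    then drop everything from the bk parameter onwards (bk sits inside the
    wctx value, so in the recorded URL it is encoded as '%26bk%3D')."""
    base, sep, query = recorded_url.partition("/adfs/ls/?")
    if not sep:
        raise ValueError("not an ADFS /adfs/ls/ sign-in URL")
    wa = query.find("&wa=")
    if wa != -1:
        query = query[wa + 1:]           # keep from 'wa=' onwards
    elif not query.startswith("wa="):
        raise ValueError("no wa parameter found")
    for marker in ("%26bk%3D", "&bk="):  # nested (encoded) or plain form
        cut = query.find(marker)
        if cut != -1:
            query = query[:cut]
    return base + sep + query


def decode_smartlink(url: str) -> dict:
    """Decode the outer query and the nested wctx query string."""
    outer = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    inner = dict(parse_qsl(outer.get("wctx", ""), keep_blank_values=True))
    return {"outer": outer, "wctx": inner}


def check_smartlink(url: str, expected_hosts=("manage.microsoft.com",
                                              "portal.manage.microsoft.com")) -> list:
    """Review findings for a link before it is published: per-user values
    left over from the recording, and reply/return targets outside the hosts
    you intend to send users to (defaults are the hosts in the post's URL)."""
    parts = decode_smartlink(url)
    findings = []
    if "username" in parts["outer"]:
        findings.append("username=" + parts["outer"]["username"])
    for name in ("bk", "LoginOptions"):
        if name in parts["wctx"]:
            findings.append(f"wctx.{name}={parts['wctx'][name]}")
    for name in ("wreply", "wctx"):
        host = urlsplit(parts["wctx"].get(name, "")).hostname
        if host not in expected_hosts:
            findings.append(f"wctx.{name} points at {host!r}")
    return findings


if __name__ == "__main__":
    print(make_smartlink(RECORDED_URL))
    print(check_smartlink(RECORDED_URL), check_smartlink(CLEAN_URL))
```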

  1. Our clean ADFS SmartLink now needs to be served as a 302 redirect. You can use your own method, or you can use mine in IIS.
  2. Open IIS Manager and create a new Web Site
  3. Give it a name, for example, Portal
  4. Set the binding to your DNS record, e.g. portal.lieben.nu on port 80, so it only redirects requests for the portal
  5. Click OK; your website has been created. Click on it again and choose HTTP Redirect (this feature won’t be present if you didn’t install it!)
  6. In the ‘Redirect requests to this destination’ box, enter your clean ADFS SmartLink
  7. Under Redirect Behavior, tick ‘Redirect all requests to exact destination’
  8. Use status code 302 and save. portal.lieben.nu now automatically and invisibly directs the user to the ADFS sign-in page, which in turn immediately logs the user in to the Intune Portal.

