1. Configure Hybrid Azure AD Key Trust
  2. Create trusted certificate configuration profiles