Here were my steps for Win10 devices (1703 and 1709).
1. Set up an MDM enrollment (in Azure AD). I used a DYNAMIC group type.
2. Remove device from Intune Classic. It takes about 1:15 for the local Intune agents to de-install.
3. Remove from Azure AD Join. (My devices are all AD Joined).
4. Re-do the Azure AD Join. My system will automatically (MDM) add to Azure Intune when a device is AD Joined.
5. Log on with the user's o365 ID. In my case, I create a local ID, do the AD JOIN on that local ADMIN ID, joining with an o365 ADMIN ID. Otherwise the o365 ID that does the AD JOIN becomes a local administrator.
6. It can take 1 or more hours for the newly joined device to be listed as compliant.
Using this process, the user's o365 local profile settings remained in place and were used again when the device was re-AD JOIN'ed.
For iOS ... I installed Intune Company Portal from the iOS app store. I had no iOS devices prior to this, on Intune.
Downside is ... This was a manual operation. I touched every device to complete this process.
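
A per-device check for the outcome of steps 4 and 5, added here as an example and not part of the original post: it reads `dsregcmd /status` for the join state and `net localgroup Administrators` for Azure AD accounts that ended up as local administrators. The account name `AzureAD\o365admin` is a constructed placeholder for the o365 admin ID used to perform the join.

```powershell
# Added example: post-rejoin check, run in an elevated PowerShell session on the device.
# Hypothetical placeholder: the o365 ADMIN ID that is allowed to be a local administrator.
$ExpectedAdmins = @('AzureAD\o365admin')

function Get-JoinState {
    # Pull the AzureAdJoined / DomainJoined flags out of `dsregcmd /status` text.
    param([string[]]$StatusText)
    $state = @{ AzureAdJoined = 'UNKNOWN'; DomainJoined = 'UNKNOWN' }
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = $Matches[2].ToUpper()
        }
    }
    $state
}

function Get-AzureAdLocalAdmins {
    # `net localgroup` is used instead of Get-LocalGroupMember, which can fail
    # on Azure AD joined devices when the group holds SIDs it cannot resolve.
    param([string[]]$GroupText)
    $GroupText |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -like 'AzureAD\*' }
}

$join       = Get-JoinState -StatusText (dsregcmd /status)
$aadAdmins  = @(Get-AzureAdLocalAdmins -GroupText (net localgroup Administrators))
$unexpected = @($aadAdmins | Where-Object { $_ -notin $ExpectedAdmins })

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    AzureAdJoined    = $join.AzureAdJoined
    DomainJoined     = $join.DomainJoined
    AzureAdAdmins    = $aadAdmins -join ', '
    UnexpectedAdmins = $unexpected -join ', '
    # Pass only if the device is Azure AD joined and no end-user o365 ID
    # was left in the local Administrators group by the join (step 5).
    Pass             = ($join.AzureAdJoined -eq 'YES') -and ($unexpected.Count -eq 0)
}
```

A non-empty `UnexpectedAdmins` value means the join was performed under an end user's o365 ID, which is the situation step 5 is meant to avoid.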