
Explanation:
Step 1: Obtain the root certificate.
Export the root certificate from the Enterprise CA.
To authenticate a device with VPN, WiFi, or other resources, a device needs a root or intermediate CA certificate.
Step 2: From the Microsoft Endpoint Manager admin center, create a trusted certificate profile Create a trusted certificate profile
1. Sign in to the Microsoft Endpoint Manager admin center.
2. Select and go to Devices > Configuration profiles > Create profile.
3. Enter the following properties:
Platform:
Profile: Select Trusted certificate. Or, select Templates > Trusted certificate.
Select Create.
4. Etc.
Step 3: From the Microsoft Endpoint Manager admin center, create a PKCS certificate profile Create a PKCS certificate profile
1. Sign in to the Microsoft Endpoint Manager admin center.
2. Select and go to Devices > Configuration profiles > Create profile.
3. Enter the following properties:
Platform:
Profile: Select PKCS certificate. Or, select Templates > PKCS certificate.
Select Create.
4. Etc.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-pfx-configure