I am working with Microsoft Engineers regarding an Intune SCEP User certificate always defaulting and deploying to the System keychain.
I have MobileIron in my environment and it is able to deploy SCEP User certificates to the User keychain without issues.
Is there any insight that Apple or anyone else can provide on how to overcome this limitation with Intune SCEP and iOS/iPadOS? Microsoft has made it clear to me this is by design with Apple on Intune and deferred the SME insight to Apple.
The only documentation I have found from Microsoft related to this is below; see the Note, which only mentions macOS, but it also applies to iOS/iPadOS.
https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep
Note
Storage of certificates provisioned by SCEP:
- macOS - Certificates you provision with SCEP are always placed in the system keychain (System store) of the device.