There is a discussion at
https://macadmins.slack.com/archives/C5238RU9X/p1732187435343649
that covers most of this issue. It doesn't explicitly say why a different non-identity cert payload isn't used, and also, if I navigate to the enterprise application path in Safari, it prompts me to use the Device Identity cert for client authentication and then serves the page.
Things have definitely got better for us, but I have just found a problem device running iOS 18.1. Not sure what has made it better, as we had:
a version of our MDM where Allow Pairing was always set to false, so we had to wipe and DEP enrol some devices again
Sequoia uplift
Xcode 16 uplift
Sorry, can't be of more help.