MicrosoftROL801 you need to minimally add the CA trustchain of your used S/MIME certificate provider as an SST file into your Azure environment. Outlook for iOS obtains the trusts from Azure and not from iOS itsself. This guide explains it: https://tinyurl.com/yatbzams
When you use SCEP, a CSR and with the private key, is created on the target enrolled device, which is used to obtain a signed certificate.
So you will only be able to use that certificate for the particular emailaddress on the specific device, as there is no real way to extract that certificate and private key fro iOS and install it on another device.
You had better use the PKCS method, as it allows you to send the same certificate to multiple devices and as a result use the same certificate and keypair for S/MIME purposes.
