Follow this article:

https://docs.microsoft.com/en-us/mem/intune/protect/certificates-imported-pfx-configure

If we upload the PFX certificate to Intune via Graph API, and then create a “PKCS imported certificate” profile to push the cert to user mobile device.
1. What is the default setting of the certificate? Is it "Exportable" or "non-exportable"?

2. Can we set the certificate to be non-exportable when deploying it into the mobile device from Intune?