Hi @Airsail,

There can be few possible reasons why Intune is (or might not) not be pushing the signed certificate back to the end device:

• The device is not enrolled in Intune. In order to receive certificates from Intune, the device must be enrolled in Intune.
• The device is not compliant with the certificate profile. If the device is not compliant with the certificate profile, Intune will not push the certificate to the device.
• There is a problem with the certificate profile. If there is a problem with the certificate profile, Intune will not be able to push the certificate to the device.
• There is a problem with the Intune service. If there is a problem with the Intune service, it may not be able to push the certificate to the device.

To troubleshoot the issue, you can try the following:

1. Make sure that the device is enrolled in Intune and compliant with the certificate profile.
2. Review the certificate profile to make sure that it is configured correctly.
3. Check the Intune service health to make sure that there are no problems.

Here are some additional links that may be helpful:

• Troubleshoot PKCS certificate deployment in Intune: https://learn.microsoft.com/en-us/troubleshoot/mem/intune/certificates/troubleshoot-pkcs-certificate...
• end device not receiving signed cert from Intune services: https://techcommunity.microsoft.com/t5/microsoft-intune/end-device-not-receiving-signed-cert-from-in...
• Create trusted certificate profiles in Microsoft Intune: https://learn.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root

It can take some time for certificates to be pushed to end devices. The sync period for certificates is typically 8 hours, but it can take longer depending on the number of devices in your environment.