Hi @Abby Greentree ,
Greetings! Welcome to Microsoft Q&A forum! Thank you for posting the question here.
Once you get a valid certificate from a trusted Certified Authority, the authentication for the devices will display as 'X509 CA Signed' instead of 'Self-Signed X509 Certificate'. Please refer this resource X.509 certificate attestation gives an overview of the Device Provisioning Service (DPS) concepts involved when provisioning devices using X.509 certificate attestation. The article mentions that self-signed root certificate will be terminated after providing a valid X.509 certificate.
Here is another article that will guide on Authenticate devices using X.509 CA certificates.
Hope this information answers the questions you have. Please let us know if you need any further clarification on this issue.
----------
Kindly accept answer or upvote if the response is helpful so that it would benefit other community members facing the same issue. I highly appreciate your contribution to the community.