Hi @Heba Wagih Thanks for posting in our Q&A forum.
I did some research and the official article shows that create a trusted certificate profile to deploy the trusted root certificate should be a feasible method. Please refer to:
https://learn.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root#create-trusted-certificate-profiles
In addition, SCEPman is also a more once-and-for-all method. Have a look at:
https://oliverkieselbach.com/2019/07/02/the-easy-way-to-deploy-device-certificates-with-intune/
Note: unofficial links, just for reference.
Hope the above information can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in [our documentation][1] to enable e-mail notifications if you want to receive the related email notification for this thread.