Hello there,
You may try the CNG certificates.
Configuration Manager supports Cryptography: Next Generation (CNG) certificates. Configuration Manager clients can use a PKI client authentication certificate with the private key generated and stored in a CNG Key Storage Provider (KSP). With KSP support, Configuration Manager clients support hardware-based private keys, such as a TPM KSP for PKI client authentication certificates.
https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/network/cng-certificates-overview
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer--