@tarou chabi Thanks for posting in our Q&A.
No, there is no certificate installed when we enroll iOS devices with intune, we just install management profile.
https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-your-device-in-intune-ios
However, before we enroll the iOS devices, it is needed to get an Apple MDM Push certificate. We can read the following article as a reference. There is no way to control this certificate via intune.
https://learn.microsoft.com/en-us/mem/intune/enrollment/apple-mdm-push-certificate-get
For conditional access and MCAS, it is more related to Azure AD. So it is suggested to post and only add Azure AD tag.
Thanks for understanding and have a nice day.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.