I hope this email finds you well. Upon reviewing the configuration, we have found that you have configured CN={{UserName}},E={{EmailAddress}} under subject name format and there is a known issue for SCEP and PKCS certificate. If Subject name included “,” it might fail or ask for manual authentication. Sharing MS Article for the same.

(Use SCEP certificate profiles with Microsoft Intune | Microsoft Learn) 

To provide a workaround for this issue, instead of using CN={{UserName}},E={{EmailAddress}} as Subject Name format, you can try using CN=”{{UserName}}”,E={{EmailAddress}} or CN=”{{UserName}}”,E={{EmailAddress}}. This adjustment may help in resolving the issue.