Authentication Relay

Is there away to preload a certificate on new machines?

We currently change our Key exchange password every 30 days. Could we preload a certificate so that the machine can use that versus the password for the first authentication?

The certificate is unique to each client… We don’t have a documented way to do it, though it might be possible, but would certainly be more laborious than updating a clientregister password (would involve sneaker-neting the CSR between the client and root server)

there isn’t a wildcard we could create for first checkin we have mutiple clients that we are trying to link back to big fix via an intune deployments in mutiple m365 tenants

I know that bigfix has the modern client that can be deployed vis M365 can that connect into mutiple m365 tenants?