Edit your downloaded certificate for Windows and Android
If you've uploaded your own certificate or created your own CA you will properly have some intermediates or the root certificate in the chain of certificates which will be downloaded. Intune will only use the user certificate if the whole file was uploaded. So for Windows and Android you will have to edit the file, that the actual root certificate will be deployed to your clients. Open the downloaded file and remove the content which is marked in blue(in this sample).