We are using Workspace ONE On-Prem setup with On-prem Exchange.
We are using Industrial Android devices and Gmail for accessing corporate emails.
Gmail started showing Can't access cert issue and users not able to sync the emails. And we are using certificate based authentication for Gmail.
No SEG and MEM configurations used. Powershell configuration and Email profile with Exchange payload has been assigned.
on exchange side, certificates are set as required at Microsoft-Server-Activesync?
Instead of that, you could use SEG to authenticate with the certificate, and go with kerberos to the backend...