Outlook app, oh interesting! Can I ask if you're just using username/pwd to authenticate or certificates? We currently have username/pwd for authentication but also a certificate payload included as an extra security measure to prevent team members from simply manually setting up creds. In the past, they would use this method to bypass enrolment so we've shut this backdoor now. However I haven't been able to get Outlook working this way and I've been told I'd need to have SCEP for this to work rather than MSADCS.
Thanks for your feedback.