The user experience of Device Certificate Authentication, such as the registration and verification process, is controlled by the DeviceCert policy. You can either edit the existing, default DeviceCert system policy, or you can create a new DeviceCert policy. Latter is recommended.