It's not clear exactly what you are asking here. PKI certificate trust is based on trusting the PKI that issued the certificate. That's generally the whole point of using a public CA like DigiCert as certs they issue are automatically trusted by all devices as Microsoft configures Windows to do this by default.
Note though that trusting the identity of a client doesn't mean the client itself is trusted to gain access to anything. In this case, it simply means that ConfigMgr will manage the device. This is no different than any credential; specifically, just because you have the credential and can authenticate doesn't mean you can actually access anything as authorization is separate and must still be granted.
Also, keep in mind that every client requires its own, unique client auth certificate. For this reason, it's generally impractical to use a public CA for client auth certificates as it's a recurring expense and recurring logistic nightmare to renew these individual certs on every managed device.