I would ask the requested what functionality he wants to achieve, as the request as defined in your question leaves quite some room for interpretation. You don't include a corporate Root-CA in a client certificate.
What are some of the possible questions:
- Can we issue certificates with Onboard that are trusted by our company Root-CA; the answer to that is yes, and follow the suggestions by Tim: ADCS or sign the Onboard CA as an intermediate. Where I tend to add to such a request that you should be exactly knowing what you are doing as this renders your Onboard in a certificate issuing entity that generates certificates that are company-wide trusted, which in turn may result in providing to much trust/access to those certificates. So, yes it can be done, and no, you probably don't want it unless you have other reasons that some manager asked you to do it.
- Can we enroll the corporate Root CA to client devices in the Onboarding process? The answer to that is also yes. You can in the Onboard Trust settings select 'manually configure trust settings' which allows you to select one or multiple root CAs that are installed on the client devices. For BYOD, be aware that pushing additional root CAs will allow the company to deploy technologies like SSL interception, which may require explicit consent from the end-user (depending on your local laws).
If you can ask, and share the question behind the question (what is the expected functionality), that might help in getting the right answer to the right question.