It’s “all or nothing”. Either you ask RouterOS to create the IPsec configuration for the L2TP server “dynamically” by setting use-ipsec=yes or required and non-empty ipsec-secret, and it uses the default rows of /ip ipsec profile and /ip ipsec policy group when creating the peer and identity items, or you set use-ipsec=no and create the complete IPsec configuration for the L2TP server manually.
I’ve described multiple times here how to create a manual IPsec configuration by cloning and then modifying the dynamic one, the second part of this post should give you the idea.