802.1x on not bound Mac

Contributor II

I'm new to my role and before my time, the Macs were AD bound and using 802.1x authentication. Now they are not bound and I'm wondering if anyone can share how authentication can be done now. Networking is not my strong suit. My goal is to have a clean experience for users. I could completely remove the WiFi payload the push now and leave it to the users to click the SSID in the Menu bar and then authenticate, but I'd like it if the computer tried to connect to WiFi and then asks for the username and password.

I should add, we do a zero touch enrollment using DEP and a prestage enrollment. I'd ultimately like to do this on WiFi, but the config profiles don't reliably get installed before the user leaves the setup assistant, so for now, we are recommending ethernet or home (off our network) enrollments.